Tuesday, June 28, 2011

De-Bugging or Re-Bugging the Latest Hack Attacks

Much news is circulating the airwaves and text waves about the latest website hacking.

The latest hack attack is coming from what news-folk call “the SQL injection” or “the SQL bug”.  When I read or hear either of these terms, my eyes do that little roll back that makes you feel like the canals in your ears are spiraling shut.  I appreciate news people trying to educate the public.  I appreciate the news.  I don’t appreciate reports that scare people because the person reporting doesn’t exactly understand the subject and dresses up their words to signal that they are spreading very important news.

MySQL [pronounced My S-Q-L or My Sequel] is a wonderful FREE database tool web developers download for FREE to make websites do all those cool things you love--  log-ins, credit card storage at your favorite shopping site, storage of your name and address, etc.  Any site where you must log in uses a database.

The “SQL injection” term comes from the SQL in MySQL.  SQL means Structured Query Language.  In this case, all you need to remember is that it’s referring to a database.

What does that MySQL database do?  It stores your password and all other information you provide.  Any site where you buy something has a database whether you save your information to that site or not.  It stores your purchase request so the store can send you the merchandise you ordered, and stores your address so they know where to send it.  It may not specifically remember you, but it will remember the purchase.  Get the picture?

MySQL (a database) has commands it responds to as part of its normal operation.  One of those commands is to provide a “dump”.  (I’m not trying to entertain you with teenage bathroom humor; the person who created this function may have had a warped sense of humor, but this is what it’s called.)  The dump command sends a message to the database to reveal information; like someone dumping a pile of papers on your desk if you asked them to bring you all the names of the men named John in the greater Dallas/Fort Worth metroplex.

A database “dumps” whatever is queried.  If you have a website that offers users the ability to sign up to receive your monthly newsletter, you need a means to retrieve that information.  In simple terms, you ask the database to dump all the names and addresses it has stored so you can fulfill your offer.  Get the picture?

What the “SQL injection” threat truly means:  An unauthorized person accesses a database and is able to retrieve all the information stored inside that database.

SQL injection is not someone injecting anything.  They are merely asking.  The vulnerability lies in the database itself, whether it’s a free MySQL, a paid MySQL subscription or another paid database system.  All databases provide means to retrieve the information they store.  Safeguarding the entry is the primary concern.  There are means for the developer to require codes to help lock down the information.  It’s just that the hackers have learned the secret password and now stroll into this pile of information like a person walking into a store and grabbing a cart to load up.
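To show what “merely asking” looks like on the developer’s side, here is an added example (not code from the original post) using Python’s built-in sqlite3 in place of MySQL, with a constructed newsletter table: the first lookup pastes the visitor’s text straight into the query, so text shaped like SQL is run as SQL and the whole table comes back; the second hands the text to the database as a bound value, so it is only ever compared.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SUBSCRIBERS = [
    ("alice@example.com", "Alice", "1 Main St"),
    ("bob@example.com", "Bob", "2 Elm St"),
]


def make_db():
    """Build an in-memory newsletter table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subscribers (email TEXT, name TEXT, address TEXT)")
    conn.executemany("INSERT INTO subscribers VALUES (?, ?, ?)", SUBSCRIBERS)
    return conn


def lookup_vulnerable(conn, email):
    """The visitor's text is glued into the SQL, so anything that looks like
    SQL syntax becomes part of the question instead of the value."""
    sql = "SELECT email, name, address FROM subscribers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Parameter binding: the query text is fixed and the visitor's text is
    sent separately as a value, so it is compared, never executed."""
    sql = "SELECT email, name, address FROM subscribers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo():
    """Return row counts for a normal request and a request shaped like SQL."""
    conn = make_db()
    normal = "alice@example.com"
    # Constructed input: not an address at all, but a fragment of SQL.
    hostile = "x' OR 'a'='a"
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_hostile": len(lookup_vulnerable(conn, hostile)),  # every row
        "safe_normal": len(lookup_safe(conn, normal)),
        "safe_hostile": len(lookup_safe(conn, hostile)),  # nothing matches
    }


if __name__ == "__main__":
    print(demo())
```

The same binding idea applies to MySQL through prepared statements in whatever language the site is written in; it is the single developer-side step that turns a dump-everything request back into a plain lookup.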

The travesty in this hacking lies in sites where developers have not taken the steps to secure the database.  Such was the reported case of the hacksters known as LulzSec, who waltzed into the Sony Pictures website.  They reportedly tweeted, “We accessed EVERYTHING.  Why do you put such faith in a company that allows itself to become open to these simple attacks?”

Be mindful that these latest attacks do not involve your computer unless you are running a website that contains a database USING YOUR OWN SERVER (hosting yourself).  Your hosting company should be able to provide you with information about their security if you are concerned about your data’s vulnerability.

What you as an individual should know about SQL injections:
IF... you have a website, and IF... it doesn’t have a database (a login of some type), you are not at risk for this kind of attack.

IF...you use websites for shopping, how much information do you provide them?  Are you a priority member, does the site know you?  Do you store your credit card with them?

IF...you use social networking, how much information do you provide?  This goes beyond your privacy settings.  How many times do you access games?  How many times do you answer those fun questions about your favorite beverage or books you’ve read? 

IF...you use the same password for everything....

IF... you answered yes to these questions, your information may be at risk.

My ongoing mantra:
Play on the Internet as if everything you were
saying (typing) were on a billboard
on the busiest freeway at rush hour.
People aren’t going anywhere so all they have time to do is stare.
