Why hackers are faster than you are

Computer security researchers came up with an idea why internet isn’t a safe place. The conclusion is amazingly simple but it doesn’t bring any good news for now: millions of websites can be infected with the same single trick, but fixing each vulnerable website requires unique and complex solution. That’s why patching a single web page takes more time than infecting thousands of websites.

Enormous numbers of websites can be turned into malware distributors using SQL injection vulnerability. This type of hijack tricks system by inserting malicious code into regular text fields (such as name, email, etc.) in order to gain access to website’s server. This vulnerability doesn’t depend of software; it’s different for each website because each website is different in one way or another. That’s why software vendors can’t make a unique patch to cure the problem. According to security experts, it takes approximately 4 months to fix SQL injection bug on a single website. Besides, catching sight of SQL injection attack and vulnerability itself is complicated. Other ways to infect a website and get an advantage of it can also be used for massive attack when a single trick disturbs a work of plenty of websites.

This entry was posted on Thursday, May 29th, 2008 at 5:52 am and is filed under News, Spam and phishing, Vulnerabilities. You can leave a response, or trackback from your own site.