At the SSCI hearing, witness currently going through how state election board websites were hacked using SQL injection bugs.
Replying to @pwnallthethings
(This is Illinois state board of elections) But it's fine now because they scan the website weekly for new vulnerabilities.
If your response to SQL injections is anything other than going through all of the code and parameterizing all of it, you're doing it wrong.
Generally I err to sympathy for infosec victims. Phished? My condolences. Heap overflow? I'm sad for you. RCE? Happens to the best of us.
But not SQL injection. SQL-i is old, well known, easy to systematically fix, and v dangerous. It is negligence to have it in new code.
It's negligence for language runtimes/libraries not to completely remove support for non-parameterized SQL.
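Added example, not code from the thread or from any of its authors: Python with the standard sqlite3 module, showing the string-spliced query the thread calls negligent beside the parameterized form it says is the only acceptable fix, plus a small wrapper approximating the runtime-level rule the last tweet proposes (refuse query text that carries an inline literal). The voters table, its rows, and the hostile input are constructed for the demo; they are not the Illinois board's schema or the injection used against it.

```python
import sqlite3

# Constructed sample data standing in for a voter-lookup table
# (assumption for the demo, not any real site's schema).
ROWS = [
    ("alice", "12345"),
    ("bob", "67890"),
    ("carol", "13579"),
]


class UnsafeQueryError(ValueError):
    """Raised by strict_execute when query text carries an inline literal."""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE voters (name TEXT, voter_id TEXT)")
    conn.executemany("INSERT INTO voters VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, voter_id):
    # Vulnerable form: the user-controlled value is spliced into the SQL
    # text, so the engine cannot tell data apart from query syntax.
    sql = "SELECT name FROM voters WHERE voter_id = '" + voter_id + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, voter_id):
    # Hardened form: query text is fixed; the value is bound as a parameter
    # and is only ever treated as data, whatever characters it contains.
    sql = "SELECT name FROM voters WHERE voter_id = ?"
    return [row[0] for row in conn.execute(sql, (voter_id,))]


def strict_execute(conn, sql, params=()):
    # Crude stand-in for the library-level rule argued for in the thread:
    # reject any query text containing a quoted literal, so values can only
    # arrive through bound parameters. Constructed heuristic, not a real
    # sqlite3 feature; a real guard would parse the statement.
    if "'" in sql or '"' in sql:
        raise UnsafeQueryError("inline literal in SQL text; bind a parameter")
    return conn.execute(sql, params)


def strict_rejects(conn, sql, params=()):
    # Helper so a caller can check the guard's verdict as a boolean.
    try:
        strict_execute(conn, sql, params)
    except UnsafeQueryError:
        return True
    return False


def demo():
    conn = make_db()
    benign = "12345"
    # Constructed hostile input: closes the quote and appends a tautology.
    hostile = "' OR '1'='1"
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": sorted(lookup_vulnerable(conn, hostile)),
        "param_benign": lookup_parameterized(conn, benign),
        "param_hostile": lookup_parameterized(conn, hostile),
        "strict_rejects_literal": strict_rejects(
            conn, "SELECT name FROM voters WHERE voter_id = '12345'"),
        "strict_allows_bound": not strict_rejects(
            conn, "SELECT name FROM voters WHERE voter_id = ?", (benign,)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The vulnerable lookup returns every row for the hostile input because the spliced text becomes `WHERE voter_id = '' OR '1'='1'`; the parameterized lookup returns nothing because no row has that literal string as its id. The point of the thread is the second half: the fix is mechanical and applies to every query, which is why an audit that finds and parameterizes all of them beats a weekly scanner that only reports the ones it happens to trigger.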