Yesterday Chuck Miller from SC Magazine published a podcast in which I spokeĀ about the detailsĀ of the latest mass web hack covered earlier. PandaLabs had confirmed that there was no IIS vulnerability involved in this latest round of attacks, rather poorly written .ASP code was the culprit.
However; it’s extreamly important to understand that we are talking about hundreds of thousands of sites that fell victim including the Department of Homeland Security and the United Nations. Thus, we really need to start raising awareness that security must be built into the code from the start to prevent such situations from occuring.
The pod-cast can be found at http://podcasts.scmagazine.com/
June 25, 2008 at 6:06 pm
I rewrote the malicious code to go through and restore the corrupted database.
http://8ways.net/sql-injection-attack-defence/