In his/her posting, the cybervandal, left a message of: "Ur security sucks UK police this is my revenge against u."
"U are the one who are blasting bomb in Pakistan. Ur security is zero". the posting added.
In an official statement, Durham Police said that an investigation into what happened is under way and the "offending matter" has been removed by computer specialists.
Imperva, the data security specialist - who monitor websites for hacker activities, - said the the police portal appears to be vulnerable to SQL injection attacks.
SQL injection attacks - aka SQL insertion attacks - are a type of code injection technique that exploits a security vulnerability occurring in the database layer of an application.
The vulnerability is present when user input is either incorrectly filtered for `string literal' escape characters embedded in SQL statements or user input that is not correctly typed and therefore executes in an unexpected manner.
"Our research shows that the website does have vulnerabilities which could lead to the recent attack", said Amichai Shulman, Imperva's chief technology officer.
"Our researchers have seen that for a while hackers have been discussing the weak points of the Durham police website including discussions of being able to extract usernames and passwords that are used for the administration of the site", he added.
"This is an unfortunate situation for the police, but does go to show that no one is protected from these kinds of attacks unless the right precautions are taken."
01 December 2009
A quick question...has the police looked into this deeper and traced who the blackhat/greyhat is?
another note >Imperva, the data security specialist - who monitor websites for hacker activities, - said the the police portal appears to be vulnerable to SQL injection attacks.Im glad Imperva is not monitoring my sites as i protect my own
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.