The SQL-injection hype, over?

About two years ago I understood that most sites that use a database are vulnerable to SQL injection. This was when not that many people in my country knew about the risks, and I took full advantage of that. But one year ago something changed: SQL injection got to the script kiddies and BOOM! Everyone was now a hacker. The media called it “The return of the hobby hacker”, and they are right. You don’t need a lot of skill to do a simple SQL injection, although there are more advanced types of injection like a “true or false” injection. This trend we see in Sweden is not the general one, said a security expert at Symantec.

The problem I see is that when knowledge like SQL injection comes into the mainstream, it by default comes to people who are stupid and ignorant. It comes to people who want a pat on the back, and that is the problem. The number of hobby hackers is increasing, and because cyberspace is a land of anarchy they feel safe doing what they are doing. But I feel this hype has reached its climax and is now on the way down, just because the programmers are becoming aware that this is a big problem. I’m sad to see that my job is getting harder every day, but I’d rather work my ass off and be one in a hundred than be one in a million. Hopefully the era of SQL injections is on its way to a sudden end. Although I shouldn’t underestimate the power of stupidity in the programmers either.

In other news, I had my first “hacker” or bot crawl my site testing for vulnerabilities today. An R57, anyone? http://kkobold.extra.hu/export.txt I just viewed it for five seconds and saw the username/password; other than that I can’t say if it is secure. 74.53.77.50 is the IP number the attack came from, and it seems to be an exploited web server. I think the hacker came in through http://www.media-courses.com and it seems to have a big SQL-injection flaw. May hack it and download the exploit code for fun. But right now I need to talk to a guy about a header image for a blog.
