The Rise of Everyday Hackers 126
An anonymous reader writes "Research suggests there will be a rise in everyday hackers. A simple Google search for 'SQL injection hack' provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities. The ready availability of this information makes it possible for less technically skilled hackers to take advantage of this common flaw. Although SQL injection flaws are easy to identify and fix, Veracode found that 32 percent of web applications are still affected by SQL injection vulnerabilities. As a result, as many as 30 percent of breaches in 2013 will be from SQL injection attacks. The research also concluded that the leading cause of security breaches and data loss for organizations is insecure software. The report found that 70 percent of software failed to comply with enterprise security policies on their first submission for security testing."
The rise of everyday... fuck, everything really. (Score:5, Insightful)
If this is what passes for research nowadays, I got some more data. Check out these Google queries and the results... (something, something, think of the children, something).
"make a bomb" 557,000,000 results
"rape sister" 99,000,000 results
"kill mother" 274,000,000 results (funny how "kill mother in law" turns up on Google's autocomplete thingy)
"cheat taxes" 59,700,000 results
Its called the internet (Score:5, Insightful)
Pure FUD by a security web site... (Score:5, Insightful)
I think that most comments are missing the fact that this is an article on a security web site which will be used to sell CEOs on the latest in security platforms. It's pure marketing, which means that it doesn't have to be logical or adhere to real world facts.
I agree that it should have never made it to Slashdot. However, it is interesting to read silly articles like this from time to time to remind ourselves where management gets their ideas about security.
Re:Hacker = Script Kiddie? (Score:4, Insightful)
That's like saying... imagine a world where i leave my front door open... hope i don't get robbed!
Also, every time somebody argues the definition of hacker, cracker, and script-kiddie you folks are lowering the bar. By definition, neither of these 3 should care less what they're called by the media (real pros define themselves with hats? :P ). In fact, the more obscurity the better.
Lies, damn lies, and statistics (Score:4, Insightful)
"A simple Google search for 'SQL injection hack' provides 1.74 million results, including videos with explicit instructions on how to exploit SQL injection vulnerabilities."
Which means that people could be searching to learn what that means because they read or heard it somewhere, or because they want to prevent SQL injection hacks on their site. There are two alternative explanations that don't involve cracking, and I'm sure you can come up with more.
"Although SQL injection flaws are easy to identify and fix, Veracode found that 32 percent of web applications are still affected by SQL injection vulnerabilities. As a result, as many as 30 percent of breaches in 2013 will be from SQL injection attacks."
The quoted statistic does not prove the subsequent claim. This violates basic principles of logic, and anyone who's taken a statistics course (as all reporters should) would see the problem here. Just because 1/3 of web apps are vulnerable to a given attack does not mean that 1/3 of web apps will subsequently fall victim to said attack. The less horrible way to phrase this would be to say that there's a 1 in 3 probability that future attacks will involve SQL injection, and even that's not born out by the statistic.
Here's an analogy (non-automotive): 15% of college basketball players are talented enough to be drafted into the NBA, let's say. This does not mean that 15% of college basketball players WILL be drafted into the NBA, nor does it mean, and this is the kicker, that 85% of new NBA players will be talented players coming from somewhere other than college teams. Or, 1/4 of all homes being vulnerable to electrical fires does not mean that 1/4 of all home fires will be electrical.
Re:The rise of everyday... fuck, everything really (Score:4, Insightful)
Attitudes towards potentially dangerous material are often contradictory. For example, in an episode of Mythbusters the team required thermite for an experiment. They made this themselves, in a procedure not shown. The ingredients bottles were blurred out to hide the labels. Jamie sarcastically warned viewers never to mix 'blur' and 'blur.' So clearly, someone at the studio considered this information to be too dangerous to reveal to the audience - either because it could be used to create a weapon, or because of the risk someone would experiment with it and then sue the studio after they burned their hand off. And yet, this material that so scared the studio is widely known. Not only can it be looked up with ease on the internet, but it's the textbook example of a redox reaction - quite literally the textbook example. When I studied chemistry in a perfectly ordinary public school it was the example in the textbooks, including not just the ingredients but instruction in how to calculate the correct ratio and, thanks to a practical demonstration given by the teacher, instruction in the importance of particle size, correct safe preperation method and means of ignition. Does that mean the school chemistry text is a terrorism handbook?
You probably could use thermite for terrorism too. If it's used to weld rails, it can be used to sever them too. Sever a rail, derail a train. Could kill hundreds of people if you time it right.