SQL injection attacks on security vendor
A security company can make mistakes too, and may face a successful attack:
"Although the attackers were able to read information from the database they couldn't write or manipulate it. And they couldn't access any other data on that server because the SQL user only had access to its own database, which only contains public information that is shown on our statistics pages. So while the attack is something we must learn from and points at things we need to improve, it's not the end of the world."
The important lesson here is to use defense-in-depth and general security principles so that even if an unexpected (I don't know if there's any other kind) attack occurs on the system, the impact is minimal.
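The layering described above, as an added example that is not part of the original post: a Python/SQLite sketch in which a read-only connection stands in for the restricted SQL user (an assumption, since the post does not name the database engine) and the `stats` table is constructed sample data. It shows a concatenated query returning every row while writes are still refused, and the parameterized form returning nothing for the same input.

```python
import os
import sqlite3
import tempfile

def build_stats_db(path):
    """Create a constructed 'public statistics' database (sample data only)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE stats (country TEXT, detections INTEGER)")
    con.executemany("INSERT INTO stats VALUES (?, ?)",
                    [("DE", 120), ("US", 340), ("RO", 75)])
    con.commit()
    con.close()

def open_read_only(path):
    """Assumed stand-in for a SELECT-only SQL account: the engine refuses writes."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def lookup_concatenated(con, country):
    # Weak layer: input is pasted into the SQL text, so it can change the query.
    sql = "SELECT country, detections FROM stats WHERE country = '" + country + "'"
    return con.execute(sql).fetchall()

def lookup_parameterized(con, country):
    # Corrected layer: input is bound as data and is never parsed as SQL.
    sql = "SELECT country, detections FROM stats WHERE country = ?"
    return con.execute(sql, (country,)).fetchall()

def write_is_refused(con):
    """Return True if this connection cannot modify the data."""
    try:
        con.execute("UPDATE stats SET detections = 0")
        return False
    except sqlite3.OperationalError:  # "attempt to write a readonly database"
        return True

def demo():
    path = os.path.join(tempfile.mkdtemp(), "stats.db")
    build_stats_db(path)
    con = open_read_only(path)
    crafted = "x' OR '1'='1"  # constructed input that alters the concatenated query
    result = {
        "concatenated_rows": len(lookup_concatenated(con, crafted)),
        "parameterized_rows": len(lookup_parameterized(con, crafted)),
        "write_refused": write_is_refused(con),
    }
    con.close()
    return result

if __name__ == "__main__":
    print(demo())
```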