Right on Dave... That's a point I've been making as well. It is the SQL injection attacks that don't "obviously" do anything that are more insidious. For those of you who have found your sites vulnerable, this attack is not the one that should be keeping you up at night. Instead, it should be those attacks that came in and left with your data without arousing any alarm at all :)
-Mark Mark A. Kruger, CFG, MCSE (402) 408-3733 ext 105 www.cfwebtools.com www.coldfusionmuse.com www.necfug.com -----Original Message----- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2008 4:59 PM To: CF-Talk Subject: RE: SQL injection attack on House of Fusion > Does this thing just raise it's ugly head every now and then and go > away for a while? This is the first I have seen of it on my server. This is the first large-scale automated SQL injection attack. Automated attacks have been around for a long time, as have SQL injection attacks. Honestly, this current attack is just a nuisance. SQL injection attacks are usually more destructive, in that they often involve the theft of sensitive data. In those cases, of course, the attack is manual rather than automated. But if your site is vulnerable to this automated attack, it has always been vulnerable to these manual, destructive attacks - which may have already occurred without your knowledge. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311330 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
