TL;DR version: A fairly large vendor leaves SQL injection vulnerabilities in about 100,000 websites. A security researcher notices, and alerts the vendor and a few of the largest affected sites. The vendor gets upset that the sites were notified. The researcher then finds out the vulnerability was made public in 2010.
There have been no hacks of these websites.
So neither the vendor nor their clients care about security, they leave a vulnerability open for years, and NOTHING HAPPENS.
Msg#: 4627685 posted 11:55 pm on Dec 4, 2013 (gmt 0)
One of our data centers was contacted and sent a vulnerability test report on a client site. The data center took our server offline without contacting us... probably because they had not updated their contact details since we restructured. In fact, our mail server became theirs when we migrated internet customers to their service, so why didn't they have the new contact info on record?
Well, they misread the report completely; it was actually from tests using a vulnerability scanner, and the sender's intention was to disrupt services provided to an online college in Malaysia.
It was nothing more than a report, and if anyone has ever used such vulnerability software then they will know that no site passes those tests. Also, no sites on that server have ever been exploited.
Luckily we noticed the server was offline and followed it up. But suffering references to our own server as a "spammy service" by staff who cannot read properly, or don't know the difference between spam and SQL injection tests, left us wanting to find an alternative data center.
So when one refers to "SQL injection vulnerabilities" and in the same breath says that "there have been no hacks of these websites"... just what is the fuss?
Msg#: 4627685 posted 3:51 pm on Dec 5, 2013 (gmt 0)
They may have been. Hackers are getting very sneaky in the way they try to infect a user now. I was asked to look at a website to see why it had tanked.
It is an identity theft protection service.
Looking through the site, all of a sudden I am alerted to a Trojan download. It seems the attacker has the download set to not trigger until a number of pages have been viewed, and probably has the Googlebot blocked from the exploit, and the owner's IP blocked as well.
Now I have to run a scan to make sure nothing got through, and refrain from entering any passwords, etc., until it is done.