SQL injection attacks are the most common way hackers gain access to websites and have been blamed for some of the most high-profile breaches in recent times.
The security community is divided about the recent arrest of a security researcher who hacked into the website for the elections division of a county in Florida. The question is whether he deserved to be arrested as a criminal hacker, or was instead doing a public service by exposing a vulnerability that gave anyone access to the credentials of the site’s administrator. Not in question, however, is the sophistication of his attack. It’s unanimous that the SQL injection method he used to expose the credentials (the security community pronounces SQL as either “ess-que-el” or “sequel”) is one of the most basic and oldest tricks hackers use to get into websites and the contents of backend databases connected to those sites. Those databases can contain Social Security and credit card numbers, health records, or a host of other sensitive data.