SQL is a very popular language for manipulating databases, and it's practically a sure thing that you've accessed an SQL database server many times in your websurfing adventures. For instance, just this morning I took a look at the BAE Systems job search site, and got this:
Microsoft OLE DB Provider for SQL Server error '80040e14'
Incorrect syntax near the keyword 'AND'.
/includes/local_subs.asp, line 1586
Which means roughly "this SQL-based database query engine is busted; come back later".

But back to SQL Injection - the problem is serious enough that that phrase has made it into the mainstream media - an article in USA Today describes the vulnerability in detail. The upshot for you, Dear Surfer, is to keep everything that you use to access web content updated with the latest patches - which is almost a job unto itself: the article mentions Internet Explorer, Firefox, Safari, Opera, Chrome, Adobe Flash, Adobe Reader, iTunes, QuickTime, Windows Media Player and RealPlayer. Most or all of those tools can be configured to check for updates, and more and more I'm turning that feature on. (Historically my philosophy has been "if it ain't broke don't fix it" in terms of software updates, but things have gotten to the point where I feel I just have to trust the vendors not to break stuff when they update their applications, in order to try to stay ahead of all of these vulnerabilities.)