SQL Injection

Vigilante or bug hunter?

A website is taken down after a vulnerability researcher discovers a way to extract customers’ personal details.

The media, however, describe him as a “vigilante”. And the website’s owner says it’s a “false alarm.”


All websites running WordPress urged to update NOW

Millions of websites running WordPress are being strongly urged to update to the latest version of the popular content management system as soon as possible, after a serious security vulnerability was uncovered.

Read more in my article on the We Live Security blog.


Over a million websites could be at risk from critical WordPress gallery plugin flaw

Many WordPress-powered websites use dozens of plugins from third parties, meaning it is just as important to keep them updated and protected against security vulnerabilities as other software on your computers.

Read more in my article on the Tripwire State of Security blog.

Take care copy-and-pasting that code from Stack Overflow

Copy-and-pasting code without thinking can do a lot of harm.

Hacker downloads 2.2 million PLAINTEXT passwords from teen social site

An unknown hacker has downloaded 2.2 million plaintext passwords from a teen social site. To make matters worse, a further 3.3 million are up for grabs…

David Bisson reports.


Epic Games forums hacked again – over 800,000 gamers put at risk

More than 800,000 usernames, email addresses, and birth dates are thought to have been stolen by hackers from online forums run by Epic Games.

Read more in my article on the We Live Security blog.

TalkTalk hack. Police arrest fourth person, aged 16 years old

Another 16-year-old arrested as police round up suspects in the TalkTalk hacking case.

VIDEO: TalkTalk hack. 15-year-old boy arrested

Police officers in Northern Ireland have arrested a 15-year-old boy in connection with the latest internet attack on British telecom provider TalkTalk.

Don’t forget – anyone building a business website who has not learnt about how to protect against SQL injection attacks probably needs to go back to the classroom themselves.

“Assume every unpatched website running Drupal 7 was compromised”

Content management system Drupal has issued a chilling public service announcement to website admins and internet users who might visit the hundreds of thousands of sites running its software.

Assume your Drupal 7 website is compromised unless you updated it to 7.32 before Oct 15th, 11pm UTC.

British man accused of hacking US military servers, planting backdoors

28-year-old man accused of exploiting vulnerabilities in Pentagon computer servers, and accessing information about military personnel.

LulzSec hacker pleads guilty to Sony Pictures attack, faces prison sentence

A former member of the LulzSec hacking gang has admitted to attacking the Sony Pictures website, and stealing the personal information of thousands of innocent individuals.

TinKode sentenced after hacking Oracle, NASA and others to expose weak security

The infamous hacker known as TinKode has been sentenced by a Romanian court – receiving a hefty fine and a suspended prison sentence.

Nokia developer network site hacked – personal information accessed

Nokia shuts down its developer network forum after a hacker accessed members’ records.