Via Alex Hern on Twitter, we find that the Obamacare website shows attempted website attacks in its search box, automatically suggested to you if you type or mistype the right letters or punctuation. This tells us a few things: there is a lack of polish in the Healthcare.gov website, there are many people who want to break into the website, and there isn’t much confidence in the security of the website. All of these things should be troubling to people with data in that system.
For the curious, let me explain what’s going on with these searches. These searches are attempting variants on a website attack called an SQL Injection attack. SQL is a programming language very commonly used for the databases attached to websites, which store information used by the site. Sites that store information in databases need to take input from the user (such as a URL, or a search box) and put that into a request to the database. The text from the public has to go into the SQL. That’s a problem, because malicious users who understand SQL could put SQL into their searches, running whatever commands they want on the database.
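To make the problem and its standard fix concrete, here is an added example that is not part of the original post and is not Healthcare.gov's code: a search function that pastes the visitor's text into the SQL, next to one that passes it as a bound parameter. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny "pages" table standing in for a
    # site's search index. One row is marked non-public.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (title TEXT, public INTEGER)")
    db.executemany(
        "INSERT INTO pages VALUES (?, ?)",
        [("Find a plan", 1), ("Contact us", 1), ("Admin notes", 0)],
    )
    return db


def search_unsafe(db, term):
    # Vulnerable: the visitor's text becomes part of the SQL itself, so a
    # quote character in it is read as SQL syntax, not as search text.
    sql = ("SELECT title FROM pages "
           "WHERE public = 1 AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]


def search_safe(db, term):
    # Hardened: the SQL text is fixed. The term is sent separately as a
    # bound parameter and is only ever treated as data.
    sql = ("SELECT title FROM pages "
           "WHERE public = 1 AND title LIKE '%' || ? || '%'")
    return [row[0] for row in db.execute(sql, (term,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "%' OR 1=1 --"  # constructed input of the kind described above
    for term in ("plan", crafted):
        print(repr(term))
        print("  unsafe:", search_unsafe(db, term))
        print("  safe:  ", search_safe(db, term))
```

With the crafted input, the unsafe version returns every row, including the non-public one, because the filter has been rewritten by the input. The parameterized version searches for that text literally and finds nothing.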