| |
Nokia Has Trouble With SQL Injections
By Qushawn Clark
Expert Author
Article Date: 2011-09-02
It seems that even companies that have money for brilliant security measures, are still vulnerable to attack.
Nokia has to shut down their developer forum after an attack of this type occurred and exposed member information.
For those of you who don't know, an sql injection is an attack where malicious code, in this case sql query, is inserted into strings to go into input fields on a given site. In a successful attack, the embedded command would not be stripped out, but instead be passed onto the database and return data not meant to be seen by end-users. This type of attack can only happen on sites that do not filter for escape characters or where types are not handled correctly, and can be avoided by paying attention to detail when building a database system.
It seems that attacks like this occur frequently at major companies that typically have a lot of ground to cover as far as security is concerned. The hacker, who is apparently based in India, accused Nokia of not taking their server security seriously enough, even though they are known to be the largest mobile phone maker in the world. Maybe the company will learn their lesson in the future and beef up their security.
About the Author:
Qushawn is a staff writer for the iEntry Network.
|
|
