War Searching
Imperva, a software company that helps other companies such as e-retailers protect their Web-based programs against hackers, released a white paper this week detailing a new weakness in such programs. Security experts have long known that it’s possible to manually manipulate the numerical gobbledygook at the end of some URLs to cause certain database programs to cough up data users aren’t authorized to see–a technique called SQL injection. In the white paper, programmers at Imperva detail their discovery that it is possible to use automated search-engine-like software to compile a list of every URL within a site that may be vulnerable to SQL injection, then use related tools to launch actual attacks against those addresses.
The Imperva engineers estimate that a hacker using this technique, which they dub “War Searching,“ would find 10,000 to 10,000,000 times as many points of vulnerability as a typical worm program wending its way across the Internet. The company’s main goal: to warn information technology managers that SQL injection attacks can be carried out automatically, not just manually.
Download the Imperva white paper here.
Keep Reading
Most Popular
Forget dating apps: Here’s how the net’s newest matchmakers help you find love
Fed up with apps, people looking for romance are finding inspiration on Twitter, TikTok—and even email newsletters.
How AI is reinventing what computers are
Three key ways artificial intelligence is changing what it means to compute.
These weird virtual creatures evolve their bodies to solve problems
They show how intelligence and body plans are closely linked—and could unlock AI for robots.
We reviewed three at-home covid tests. The results were mixed.
Over-the-counter coronavirus tests are finally available in the US. Some are more accurate and easier to use than others.
Stay connected
Illustration by Rose WongGet the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.