War Searching
Imperva, a software company that helps other companies such as e-retailers protect their Web-based programs against hackers, released a white paper this week detailing a new weakness in such programs. Security experts have long known that it’s possible to manually manipulate the numerical gobbledygook at the end of some URLs to cause certain database programs to cough up data users aren’t authorized to see–a technique called SQL injection. In the white paper, programmers at Imperva detail their discovery that it is possible to use automated search-engine-like software to compile a list of every URL within a site that may be vulnerable to SQL injection, then use related tools to launch actual attacks against those addresses.
The Imperva engineers estimate that a hacker using this technique, which they dub “War Searching,“ would find 10,000 to 10,000,000 times as many points of vulnerability as a typical worm program wending its way across the Internet. The company’s main goal: to warn information technology managers that SQL injection attacks can be carried out automatically, not just manually.
Download the Imperva white paper here.
Keep Reading
Most Popular
Large language models can do jaw-dropping things. But nobody knows exactly why.
And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.
OpenAI teases an amazing new generative video model called Sora
The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.
Google’s Gemini is now in everything. Here’s how you can try it out.
Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.
This baby with a head camera helped teach an AI how kids learn language
A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.