Alex Rothacker

By Alex RothackerDenial of Service (DoS) attacks are a common method used to take down Websites, servers, or even sections of the Internet. These attacks typically come in two forms: Distributed DoS (DDos) and DoS attacks. DDoS create a flood of traffic to a Website, server, or section of the internet that overwhelms it to a degree that it cannot function and eventually shuts down.  Regular DoS exploits a vulnerability in a Web server, database server, etc. to crash the server.

By Alex RothackerDatabase Management Systems (DBMS) have extended their capabilities far beyond simply serving as data storage and query systems. Contrary to what they were in the 1970

By Alex RothackerSince 2008, higher education institutions have experienced a staggering 158 data breaches resulting in over 2.3 million reported records compromised. In 2009 alone there were 57 reported data breaches, and year to date through July of 2010, there have already been 32 breaches.   

By Alex RothackerIn our last column, we focused on privilege escalation attacks, and the impact that this category of  SQL injection attacks can have on the database – particularly where specific database vulnerabilities exist, and can be exploited through the manipulation of privileges. Let’s look more deeply at how organizations struggle with the issue of extensive privileges assigned directly to users – or indirectly through user groups. We’ll address what can happen when database users are over-credentialed, and what should be done to ensure you are aware of all activity that is occurring in your environment.

By Alex RothackerPrivilege escalation attacks consist of exploiting a bug or design flaw in a software application to gain access to resources which normally are protected from an application or user. The result is that the application allows actions with privileges beyond an acceptable level for the specific user.  

By Alex RothackerSQL injection is the most common penetration technique employed by hackers to steal valuable information from corporate databases. Yet, as widespread as this method of attack is, a seemingly infinite number of ‘sub-methods,’ or variations of SQL Injection attacks can be carried out against the database.  

Guest editorial by Alex Rothacker Most users are aware of the risks connected to the default, blank and weak username/password combinations associated with most applications. Yet it amazes the research community that many companies still don’t heed the following simple advice:1) Don’t use easily guessed passwords. 2) Change the default credentials that ship with your apps, and 3) Please do not just leave the passwords blank!