Regardless of how vulnerable the site was to SQL injection
it is ultimately the responsibility of the morons who did this. Leaving my door unlocked may be foolish, but it doesn't make it okay for someone to walk in and wreck my stuff.
Add the webpages for the Phoenix Mars Lander to the list of high-profile sites that have been hacked by script kiddies. Not once, but twice. Security pros had to take down the University of Arizona-hosted site after hackers replaced the lead blog entry with graffiti that read "hacked by VITAL." As if that wasn't enough, …
That is because the terms script kiddie and hacker are being used together; that is an oxymoron.
And of course there is artistic license, because later we find the crackers are claiming to be hackers; but what do these script kiddies know, they could be claiming to be the love children of Turing and Von Rossum, it does not make it true.
SQL injection is not hacking, and the security pros are not pros if they have claimed a site to be secure that is vulnerable to SQL injection.
As to the problem of SQL injection, well if you know your stuff it is not hard to stop it.
It is only set to get worse though, as more fuzzers start to come online.
Come on. We are talking script kiddies here. They have no real hacking ability. All they can do is leech off someone else's work then claim the "glory". But, as we all know, they are nothing more than spotty faced, socially challenged, unlikely to get laid nothings who can only get their jollies by waving their tiny, flaccid e-peens around as though they actually have a skill, instead of using some crap "toolkit" that they downloaded using mummy and daddy's credit card and probably ending up with their and their families' computers being rootkitted into the bargain.
Your analogy ("Leaving my door unlocked may be foolish, but it doesn't make it okay for someone to walk in and wreck my stuff.") doesn't quite work. The website is more like a sports centre, it is intended that people visit. This "visit" by the intruders is more like a bloke in cartoon burglar costume wandering around the changing room with a notice saying "How safe is your wallet? I walked through the staff entrance dressed like this unchallenged."
I wonder if is as vulnerable
Reduce the chance of a drive-by... use NoScript and Firefox.
These kiddies really are poor "hackers" if all they did was tag the site.
If I had broken into the Phoenix site I would have changed the front page to announce that intelligent life had been found on the surface - then sat back and watched various news services embarrass themselves by publishing the info!
At the end of the day it's just not right, that's the problem today. Some people do not exhibit any form of self-consciousness and feel what they do is OK regardless of how it affects others.
They should be locked up and dealt with for many years, after several thousand have done this the message should then sink into their little script kiddie brains and act as a deterrent to others.
Mine's the one with the handcuffs
AC, I'm afraid Reg readers generally would find that OK. It'd be your fault for leaving your door unlocked, and you'd deserve it. In fact, you shouldn't even be allowed to have a house by their standards. And going by the comments on this particular thread, even if you had secured your house as best you could, anyone breaking in would actually be their hero if he'd hand-crafted some burglary tools instead of picking up a brick someone else had made to break a window. Obviously, that particular window would have to have a dodgy alarm on it or whatever, to pre-empt smartarse comments about it not being totally secure etc. etc. Oh, and the guys here, were they criminally inclined, would of course have produced the materials for the tools themselves blah blah blah ...
Running a browser that, without asking my permission, downloads files or blindly allows well known iframe hacks and whose designers can't be bothered to actually fix the problem ain't going to hunt.
But then again, what else do you expect from a company whose product sells pretty much because it is nothing more than eye candy. Why buy Mac when you can get more for less with a PC and Linux?
And if this browser is so good, why did crApple feel the need to forcibly and fraudulently install it on the computers in a failed attempt to boost its pathetic 1 to 2% market share. Somewhat ironic since crApple are claiming a 7%+ market share, which means that the vast majority of crApple users are installing Firefox rather than using Safari on its native platform. Speaks volumes.
Opera? Why install bloatware? I want a web browser to browse the web, not do email, etc. Bollox to application convergence. They are always a compromise.