Reply to post: Re: encryption doesn't help?

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

Adam 1

Re: encryption doesn't help?

> I was staggered to hear that this is apparently a SQL injection attack.

Er, you may not want to check out the OWASP top 10.

The worst part of most* SQL injection attacks is that you can use Google to find web pages that are build with frameworks that don't support paramaterised queries. Once you find one, there are programs that automate the data extract.

* OK, I can't prove this represents most, but it is tremendously easy to find and there are a lot of them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021