Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Code Project
CODE PROJECT For Those Who Code
  • Home
  • Articles
  • FAQ
Community
  1. Home
  2. The Lounge
  3. Nokia's developer network hacked

Nokia's developer network hacked

Scheduled Pinned Locked Moved The Lounge
csharpdatabasecomsysadmintools
17 Posts 15 Posters 0 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • RaviBeeR RaviBee

    Clickety[^] Another SQL injection attack. :| /ravi

    My new year resolution: 2048 x 1536 Home | Articles | My .NET bits | Freeware ravib(at)ravib(dot)com

    OriginalGriffO Offline
    OriginalGriffO Offline
    OriginalGriff
    wrote on last edited by
    #8

    I think the problem is that they don't seem to teach anything about injection attacks on IT courses any more - they just seem to go "Here is a SELECT statement, now lets move on". Certainly the number of Q&A questions that leave massive security holes is not reducing. Teach the little buggers about Parametrized queries from day one! Or are all lecturers too damn lazy to bother? Sorry, but SQL injection attacks are one of my personal bugbears...

    Real men don't use instructions. They are only the manufacturers opinion on how to put the thing together. Manfred R. Bihy: "Looks as if OP is learning resistant."

    "I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
    "Common sense is so rare these days, it should be classified as a super power" - Random T-shirt

    G 1 Reply Last reply
    0
    • L leppie

      I got a mail from them this morning: "We are not aware of any misuse of the accessed data, but we have identified that your email address was in one of the records accessed, though it contained none of the optional information, so we believe that the only potential impact to you may be unsolicited email. Nokia apologizes for this incident."

      ((λ (x) `(,x ',x)) '(λ (x) `(,x ',x)))

      0 Offline
      0 Offline
      0bx
      wrote on last edited by
      #9

      "We noticed someone has copied your passport. We believe they're just trying to forge a passport with your name on it and sell it on the black market. The only potential impact to you may be additional security checks at the airport, so it's no big deal really. Oh by the way, we're sorry."

      Giraffes are not real.

      1 Reply Last reply
      0
      • G GuyThiebaut

        Ravi Bhavnani wrote:

        Another SQL injection attack. :|

        I am amazed at how this can still happen nowadays... Unless SQL injection attacks have become more sophisticated - allowing this sort of backdoor is breaking the dumbass website 101 security checklist... in my opinion...

        Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
        T Offline
        T Offline
        Tech Code Freak
        wrote on last edited by
        #10

        Agreed!

        1 Reply Last reply
        0
        • OriginalGriffO OriginalGriff

          I think the problem is that they don't seem to teach anything about injection attacks on IT courses any more - they just seem to go "Here is a SELECT statement, now lets move on". Certainly the number of Q&A questions that leave massive security holes is not reducing. Teach the little buggers about Parametrized queries from day one! Or are all lecturers too damn lazy to bother? Sorry, but SQL injection attacks are one of my personal bugbears...

          Real men don't use instructions. They are only the manufacturers opinion on how to put the thing together. Manfred R. Bihy: "Looks as if OP is learning resistant."

          G Offline
          G Offline
          gavindon
          wrote on last edited by
          #11

          I'll have to say, I never even heard the words "sql injection" during ANY of my classes... you might indeed have a point.

          Programming is a race between programmers trying to build bigger and better idiot proof programs, and the universe trying to build bigger and better idiots, so far... the universe is winning. Be careful which toes you step on today, they might be connected to the foot that kicks your butt tomorrow. You can't scare me, I have children.

          L 1 Reply Last reply
          0
          • T tgrt

            GuyThiebaut wrote:

            I am amazed at how this can still happen nowadays...

            From a developer perspective I am, but from a business perspective I'm not amazed for a second. Pay for the cheapest instead of a professional and that's what happens to you.

            A Offline
            A Offline
            Albert Holguin
            wrote on last edited by
            #12

            Very true...

            1 Reply Last reply
            0
            • G GuyThiebaut

              Ravi Bhavnani wrote:

              Another SQL injection attack. :|

              I am amazed at how this can still happen nowadays... Unless SQL injection attacks have become more sophisticated - allowing this sort of backdoor is breaking the dumbass website 101 security checklist... in my opinion...

              Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
              R Offline
              R Offline
              Rage
              wrote on last edited by
              #13

              GuyThiebaut wrote:

              I am amazed at how this can still happen nowadays...

              Have you been to Q&A recently ? The people asking question there are the same that are supposed to understand what SQL injection is and how to protect their code against them. Still amazed ?

              1 Reply Last reply
              0
              • RaviBeeR RaviBee

                Clickety[^] Another SQL injection attack. :| /ravi

                My new year resolution: 2048 x 1536 Home | Articles | My .NET bits | Freeware ravib(at)ravib(dot)com

                Q Offline
                Q Offline
                QuiJohn
                wrote on last edited by
                #14

                Isn't the "Nokia's developer network" now MSDN? Since they've switched to WP7 and all...

                1 Reply Last reply
                0
                • RaviBeeR RaviBee

                  Clickety[^] Another SQL injection attack. :| /ravi

                  My new year resolution: 2048 x 1536 Home | Articles | My .NET bits | Freeware ravib(at)ravib(dot)com

                  G Offline
                  G Offline
                  Gregory Gadow
                  wrote on last edited by
                  #15

                  I don't think anyone posted this yet to this thread: xkcd: Exploits of a Mom[^]

                  1 Reply Last reply
                  0
                  • G gavindon

                    I'll have to say, I never even heard the words "sql injection" during ANY of my classes... you might indeed have a point.

                    Programming is a race between programmers trying to build bigger and better idiot proof programs, and the universe trying to build bigger and better idiots, so far... the universe is winning. Be careful which toes you step on today, they might be connected to the foot that kicks your butt tomorrow. You can't scare me, I have children.

                    L Offline
                    L Offline
                    lewax00
                    wrote on last edited by
                    #16

                    gavindon wrote:

                    I never even heard the words "sql injection" during ANY of my classes

                    It's true. All I know about sql injection I've learned from the internet...

                    1 Reply Last reply
                    0
                    • RaviBeeR RaviBee

                      Clickety[^] Another SQL injection attack. :| /ravi

                      My new year resolution: 2048 x 1536 Home | Articles | My .NET bits | Freeware ravib(at)ravib(dot)com

                      Sander RosselS Offline
                      Sander RosselS Offline
                      Sander Rossel
                      wrote on last edited by
                      #17

                      And so easy to prevent! Simply check if the sql statement to execute contains the words table, drop, delete, select... ;P

                      It's an OO world.

                      1 Reply Last reply
                      0
                      Reply
                      • Reply as topic
                      Log in to reply
                      • Oldest to Newest
                      • Newest to Oldest
                      • Most Votes

                      • Login
                      • Don't have an account? Register
                      • Login or register to search.
                      • First post
                        Last post
                      0
                      • Categories
                      • Recent
                      • Tags
                      • Popular
                      • World
                      • Users
                      • Groups