Hogwash (responding to the subject line.)
Anyone running a webapp that has any sort of credit card data with any sort of SQL backend MUST be actively checking for SQL injection opportunities (among many other things). Like Greg said, some PCI auditor's ass is on the line for this (among others, certainly.). And, the rest of us who are doing it right will pay for this in increased scrutiny by those who rarely understand the technologies they're auditing and new rules in scanning databases, and new PCI requirements. IOW, cost of compliance in the credit card arena just went up a few ticks.
|
|
|
Understood.
The Subject was a bit of snark on my part, a takeoff on Condi's famous line - http://www.salon.com...2005/09/14/planes
Cheers, Scott. |
|
|
:)
|
Citigroup hackers used trivial technique
- (jay)
- (14)
- June 15, 2011, 09:43:10 AM EDT
Are you kidding me?
- (malraux)
- June 15, 2011, 10:34:00 AM EDT
Nobody could have predicted an SQL Injection attack.
- (Another Scott)
- (9)
- June 15, 2011, 10:41:58 AM EDT
Re: Nobody could have predicted an SQL Injection attack.
- (malraux)
- (3)
- June 15, 2011, 11:29:24 AM EDT
Hmmm....
- (Another Scott)
- (2)
- June 15, 2011, 11:44:16 AM EDT
There is a difference...
- (malraux)
- (1)
- June 15, 2011, 11:41:30 AM EDT
Could be they only used it in some places.
- (Another Scott)
- June 15, 2011, 11:47:08 AM EDT
Calling this SQL injection implies too much skill
- (jay)
- (1)
- June 15, 2011, 01:12:44 PM EDT
No, they did that too.
- (malraux)
- June 15, 2011, 03:35:44 PM EDT
Hogwash (responding to the subject line.)
- (Steve Lowe)
- (2)
- June 16, 2011, 02:09:17 AM EDT
Understood.
- (Another Scott)
- (1)
- June 16, 2011, 10:15:02 AM EDT
:)
-NT
- (Steve Lowe)
- June 16, 2011, 08:34:22 PM EDT
I'd hate to be the PCI Auditors
- (folkert)
- (1)
- June 15, 2011, 08:11:42 PM EDT
Oooh... good point.
-NT
- (static)
- June 16, 2011, 05:12:48 AM EDT
Interesting comment to the legal folk
- (Ashton)
- June 17, 2011, 04:53:23 AM EDT