Comments on: 5 PC Gaming Threats and How To Beat Them

By: hannah

hannah — Wed, 09 Jun 2010 04:00:52 +0000

thank you!

By: mguthrie09

mguthrie09 — Thu, 18 Jun 2009 15:31:46 +0000

IWearAWhiteHat —

You have a point; once a SQL injection attack is successful, the hacker has already gained access to whatever valuable data might be hosted on the server. This could be anything from usernames/passwords, account information, or personal information. It depends what the server was used for.

However, many times the hacker’s goal is to also propagate malware by adding malicious code to the website which is hosted on the server. In these cases, the exploit would most likely be blocked by a utility such as NoScript.

When it comes to hacked servers, it is the server admin who is responsible for fixing the issue. This leaves a legit site in a compromised state until the site admin is notified and is able to remedy the infection. In addition, site admins often do not notify their users that personal information might have been accessed, and therefore people are unable to take the necessary steps to protect themselves. Not a lot can be done to fix this, though users of sites that are attacked should be encouraged to be vocal on the site forum to alert others that their personal data may have been compromised.

MGuthrie
Webroot Threat Blog admin

By: IWearAWhiteHat

IWearAWhiteHat — Wed, 17 Jun 2009 21:19:26 +0000

Mike,

Do you think you can clarify your last point about defending against SQL injection attacks by switching to Firefox and using NoScript?

As I understand it (and you describe it), SQL injection attacks are run against a database hosted on a server, not a client or end-user. If such an attack is successful, the cracker is able to view or modify the data within that database, ranging from product pricing to username/password combinations and other personal information.

What I don’t understand is how a client-side change would affect this problem. If the attacker leveraged a SQL injection into forcing a legitimate server to host malicious JavaScript/Flash components, I can see your point. But if the only attack was a SQL injection, then the problem has to be addressed by the site’s administrators, not it’s users.

For the record, I do believe that we should all be using Firefox with NoScript (or something similar), just want to understand your post better.

By: Gamers: Fight the Phishers « Webroot Threat Blog

Gamers: Fight the Phishers « Webroot Threat Blog — Wed, 17 Jun 2009 20:03:01 +0000

[...] addition to the general advice we gave in an earlier post, there are a few things gamers can do [...]

By: If You’ve Got Game, Phishers Want Your Stuff « Webroot Threat Blog

If You’ve Got Game, Phishers Want Your Stuff « Webroot Threat Blog — Fri, 12 Jun 2009 17:28:38 +0000

[...] little effort for the jerks behind this scheme to retrieve thousands of account details. (We began covering this issue briefly last week.) With such an effortless infection method, and the difficulty of prosecution [...]