Half A Million Microsoft-powered Sites Hit With SQL Injection

[Guest]

A new SQL injection attack aimed at Microsoft IIS web servers has hit some 500,000 websites, including the United Nations, UK Government sites and the U.

Half A Million Microsoft-powered Sites Hit With SQL Injection : Read more

 

[Guest]

What do you mean "Not microsoft's fault" ???
Since when microsoft software security is not microsoft's problem anyway?

 

[Guest]

Is someone throws a rock through a car window is it Honda's falt for not using stronger glass? At a certain point you have to draw the line and say, really, this is the fault of the person throwing the rock. Now if Honda sold you a car with no locks on the door whos falt would it be... still not Honda; that would be the fault of the person who bought the car! The owner is responsible for making sure they are buying a product that's sutable for their needs. Ok, so IIS isn't bullet proof but all the basic locks are there. If you need really high security then run something else! Don't blame the person who made the product. If it doesn't suit your needs then don't buy it! If it does suit your needs then do buy it. If the manufacturer lied to you about what the product can do that's one thing, but IIS has been around long enough that it's benifits and limitations are fairly well known!

 

[aevm]

LOL. This is nothing to do with Microsoft, it's all in the Web applications. The attack would work just as fine against a site hosted on Linux/Apache/MySQL. The problem is that incompetents wrote Web apps and forgot to verify inputs. This is explained in tons of programming books....