Here is the article on the Wired Magazine:
A new SQL injection attack aimed at Microsoft IIS web servers has hit some 500,000 websites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. While the attack is not necessarily Microsoft’s fault, it is unique to the company’s IIS server.
This is also including the department of homeland security!
Of course this method of attack could happen to any insecure web application whether it is using Windows or other platforms, but I think the Hackers are sending a message here:
That many web application developers who use proprietary platforms such as Microsoft SQL Database or servers aren’t doing a good job building secure systems! Could it be because in the proprietary world, developer’s don’t get to read other developers’ code in order to enhance their level of knowledge and skills and instead rely mostly on the training they receive from certificate programs and the school system?
Or could it be that in the proprietary world the source code of an application never gets to be reviewed by the community of developers, otherwise the security bugs would have been shallowed given all the eyeballs that are scanning the code over and over again?
[tags]security, microsoft, sql, injection, attack[/tags]