What is a SQL Injection attack...well, tech folks know what it is...and the severe data damage that can occur...another good reason for third-party security solutions, especially if you are running a hospital network...MSDN resources here...and for those reading this blog who have no idea what all this is about, Channel 9 did a video which is also entertaining, but makes the point of what this type of data breach could lead to...the average layman can watch and get the idea here with a mock-up of a SQL Injection attack and see how serious it could be, with a scenario in Las Vegas where this type of attack was used...BD
There is an Eastern European website/blog offering a set of sites that have been 'hacked' and are being sold to anyone who wants to 'take-over' the site for $7 to $10. One of your sites is on the list. You may want to scan this site for possible SQL injection vulnerabilities/attacks. I did not want to pass along my credit card number to a hacking site, so I asked our security consulting firm, Third Brigade, to check it out.
Users who visit one of these infected websites may unknowingly execute malicious code. This code attempts to exploit known vulnerabilities for which patches are available but may not have been applied to the victim's system. Once the code executes on the desktop, specific malware is downloaded which sends passwords and other sensitive information to the attacker...

Step 7: The attacker has sensitive information and has complete control of the desktop.