Quote (Black XistenZ @ Aug 15 2018 10:10am)
the boy probably already has a job offer from the NSA for the day he turns 18.
Not really.

The big thing to learn from this is that SQL injection is both incredibly easy to do, and one of the first things even low-level sysadmins get taught about security. SQL injection is quite simply the first step any hacker will take. What you try to do is just feed code into the website (usually in fields like search boxes or personal information).
An example of horrid Java:
Code
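// Vulnerable: the request parameter is concatenated straight into the SQL text
String query = "SELECT account_balance FROM user_data WHERE user_name = "
        + request.getParameter("customerName");
try {
    Statement statement = connection.createStatement( … );
    ResultSet results = statement.executeQuery( query );
} catch (SQLException e) {
    // error handling omitted in the original snippet
    throw new RuntimeException(e);
}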
query gets executed, and query has the "customerName" parameter as an unsanitized input. If someone inputs code into that field, it will just execute.
A safer approach is seen below. custname is retrieved from the field, and is defined as a string variable. In this case the database would just try to find whatever matches the input in the database instead of executing code.
Code
String custname = request.getParameter("customerName"); // This should REALLY be validated too
// perform input validation to detect attacks
String query = "SELECT account_balance FROM user_data WHERE user_name = ? ";
PreparedStatement pstmt = connection.prepareStatement( query );
pstmt.setString( 1, custname);
ResultSet results = pstmt.executeQuery( );
However, vote tally counting websites I would not count as extremely vulnerable. The other hacks at Defcon that managed to gain access to the voting machines, however, I do count as extremely vulnerable. Regardless of who you support, electronic voting is a mistake and will stay a mistake. There is no safe way. Paper ballots are the best at averting risk as you have to influence multiple people instead of just one firmware flaw. For fuck's sake, these machines are even connected via Wi-Fi, which makes remote attacks a huge possibility.
-edit: I'll just add that there should be no way that government websites are still vulnerable to SQL injection. However, (local) governments are notoriously slow in adapting and changing. I've heard of local governments here who until recently had citizen data stored in plain text (on an offline machine, but still). There is a lot of ground to gain in security, especially for governments.
This post was edited by balrog66 on Aug 15 2018 04:42am
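Added example, not part of the original post: the post's two query styles run side by side against a constructed in-memory SQLite table, as a regression check that a bound parameter is compared as data. It uses Python's `sqlite3` rather than Java/JDBC so it runs without a driver; the function names, the sample rows, the allow-list pattern and the quotes added around the concatenated value are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the post's query.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_data (user_name TEXT, account_balance INTEGER)")
    conn.executemany("INSERT INTO user_data VALUES (?, ?)",
                     [("alice", 100), ("bob", 250)])
    return conn

def balance_concatenated(conn, customer_name):
    # Same flaw as the first Java snippet: the input becomes part of the SQL text.
    query = ("SELECT account_balance FROM user_data WHERE user_name = '"
             + customer_name + "'")
    return [row[0] for row in conn.execute(query)]

def balance_bound(conn, customer_name):
    # Same idea as the PreparedStatement snippet: the SQL text is fixed and the
    # value is bound separately, so it is only ever compared against user_name.
    cur = conn.execute(
        "SELECT account_balance FROM user_data WHERE user_name = ?",
        (customer_name,))
    return [row[0] for row in cur]

# Assumed allow-list policy for customer names (hypothetical, adjust to your data).
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def balance_validated(conn, customer_name):
    # The validation step the post's comment asks for, applied before binding.
    if not NAME_RE.fullmatch(customer_name):
        raise ValueError("rejected customer name")
    return balance_bound(conn, customer_name)

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed test input containing SQL syntax
    print("concatenated:", balance_concatenated(db, probe))  # every row comes back
    print("bound:       ", balance_bound(db, probe))         # no match, no rows
    try:
        balance_validated(db, probe)
    except ValueError as exc:
        print("validated:   ", exc)
```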