The Inquirer-Home

Lizamoon SQL mass injection attack hits Apple Itunes

Over 28,000 URLs affected
Wed Mar 30 2011, 12:27

AN SQL INJECTION CAMPAIGN has compromised over 28,000 URLs, including several belonging to Itunes, Apple's money-guzzling media player.

Lizamoon is a SQL injection attack, where hackers target the database backend of a website and execute unauthorised commands by taking advantage of insecure code.

Insecurity firm Websense said that according to a Google search, over 28,000 URLs have been compromised. It saw infected Itunes URLs, which the media player downloads from the publisher to update podcast and episode availability.

Websense security expert Patrik Runald said of the Itunes URLs, "We believe that these RSS/XML feeds have been compromised with the injected code. The good thing is that Itunes encodes the script tags, which means that the script doesn't execute on the user's computer."
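The behaviour Runald describes, as an added example that is not from the original article, Websense or Apple: a feed consumer encodes markup in feed text before display, so an injected script tag becomes inert text, and flags the item for review. The sample feed, the `scan_feed` function and the `injected.example` URL are constructed for illustration.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed sample feed: the second item's title carries an injected script
# tag, as it would after a database text field was tampered with.
# The URL is a placeholder, not an indicator from the campaign.
SAMPLE_FEED = """<rss version="2.0"><channel>
  <title>Example Podcast</title>
  <item><title>Episode 1: Intro</title></item>
  <item><title>Episode 2&lt;script src="http://injected.example/x.js"&gt;&lt;/script&gt;</title></item>
</channel></rss>"""

# Matches an opening or closing script tag, tolerating case and whitespace.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def scan_feed(feed_xml):
    """Return (raw_title, flagged, safe_html) for each item in the feed.

    flagged   -- True if the decoded title contains a script tag
    safe_html -- the title with <, >, & and quotes encoded for display
    """
    # The standard-library parser is fine for this constructed input; for
    # untrusted feeds use a hardened parser such as defusedxml.
    root = ET.fromstring(feed_xml)
    results = []
    for item in root.iter("item"):
        raw = item.findtext("title", default="")
        flagged = bool(SCRIPT_TAG.search(raw))
        # Encoding turns the tag into text the renderer shows, not runs.
        safe = html.escape(raw, quote=True)
        results.append((raw, flagged, safe))
    return results


if __name__ == "__main__":
    for raw, flagged, safe in scan_feed(SAMPLE_FEED):
        print("SUSPICIOUS" if flagged else "ok        ", safe)
```

Encoding on output protects the reader of the feed; the flagged items still indicate that the publisher's database has been altered and needs cleaning.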

Lizamoon sees the return of large-scale SQL injection attacks targeting badly coded websites. In worst-case scenarios, SQL injection techniques can hit banks by finding a way through a network's firewall, stealing credit card information.

Two years ago, a hacker named Albert Gonzalez was sent down for 20 years after being found guilty of masterminding a series of attacks using SQL injection, which included hacks of the retailer TJ Maxx and Heartland Payment Systems.

Apparently more than 130 million credit card numbers were stolen and resold in those attacks. µ

 
