sql injection
My work study this summer is an internship with the campus computer network. I basically get to help out with anything they may need in terms of busy work and they will show me how the whole system works from a code perspective. I think that I will gain a lot of experience from this summer because they are running a system that is constantly updated and actually develops new technologies.
I finished my first week yesterday and it was pretty darn interesting. They were installing and formatting a new security scanner program because last year there had been a lot of security breaches. The mode that had been used the most was something called an sql injection which was basically invading the system every single time a handful of students would log in to their personal web space. The hackers then went in to the system and changed a bunch of programs. That is why we had all of those random days where the whole network would be totally shut down and the university would come to a halt. They also used their access to send out a bunch of e-mails that opened doors for them to come easier.
We spent this whole week trying to load and scan the entire system. Every day we would go through a different area of the network and do a very picky scan. Every single piece of information inside the system that ws not put there by the web masters was immediately deleted. So every student who comes back in the fall is going to have a rude awakening when they find that all of their e-mail and course files saved online have been erased. I don't feel too bad about having to do it though because it would have been just as evident to me today how much damage there had been done even without three years of school. It was actually sort of comedic to see how much they had taken over. At the peak of the problem they had actually sucked in about three thousand students in to their little network of destruction within our network of instruction. Sort of funny when I put it that why right?