Progress was made on Monday in mitigating thousands of SQL-based Web sites injected with malicious Javascript code, however, one security expert says that we can expect to see more such attacks in the near future.

A traditional SQL injection attack allows malicious attackers to execute commands on an application's database by injecting executable code. "What's different about this latest attack," said Jeremiah Grossman, CTO of White Hat Security, "is the size and the level of sophistication." In the past attackers have gone after a small niche of the Internet--say travel sites or sports sites--but with this latest attack, attackers have a generic way to blast the Internet, and they've chosen to attack sites running MS-SQL.

Full Article

Microsoft, SQL Server, Database Server, Web Server, Hacking, Intrusion, Security