Who's at fault for the ongoing, massive SQL injection attack now entering its third wave? Obviously the hackers trying to create their botnets. But beyond that, the makers of Web server software (like Microsoft) say that poor programming on the part of the user is what makes so many sites vulnerable. READ more about this on the Microsoft Subnet blog (including some scary new stats on botnets).
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, managed by editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
|
|
Microsoft has SOME responsibility
While I agree that us scripters are at fault to an extent (yeah, I got bit too...twice before I got it under control), if 500,000 websites have this problem (FIVE HUNDRED THOUSAND) then Microsoft should at least attempt to do something. Quoted from a quote in the blog listed in the comment above mine: Microsoft's Sisk reply stated, "The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies."
They are using that as an excuse NOT to do anything about a problem that they could do something about, when they are the most likely company to be ABLE to do something about it. They are relying on a white paper that 95% of those programmers don't know exists, when they could release something through their Update service to solve the problem. I guess it's just not profitable for them.