Security and Privacy News

---

Half a Million Microsoft-Powered Sites Hit With SQL Injection

Slashdot posted a link to an article yesterday regarding a recent attack on approximately 500,000 websites via SQL injection that seems to be limited to Microsoft's IIS webserver.

The attack itself injects some malicious JavaScript code into every text field in a database which, in turn, loads another script that can compromise a user's PC.

According to Bill Sisk, Microsoft's Trustworthy Computing Response Communications Manager:

"Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov."

For details, see WIRED.

For other items, see the Security and Privacy News blog.

Key Resources:

Overview	Orgchart	Partners	Recent Pubs	Annual Report
News	Seminar	Research	Education	FAQ

• Resources for: Industry, Government, Faculty, Students & Staff
• TRUST Introduction (Powerpoint).
• Visitor parking, transportation, directions, lodging.
• Resources for TRUST researchers (presentation and poster templates, etc.).

How do I contact the Trust Center?
You are not logged in
Copyright © 2005-2008 TRUST