Source

By John Leyden

A lack of security controls allowed hackers to "wipe" the Recording Industry Association of America's (RIAA) website on Sunday.

The existence of an SQL injection attack on the RIAA's site came to light via social network news site Reddit. Soon after hackers were making merry, turning the site into a blank slate, among other things.

The RIAA has restored RIAA.org, although whether it's any more secure than before remains open to question, TorrentFreak reports.

The RIAA's high-profile lawsuits against file sharers have made it a prime target for hack attacks, so its apparent failure to apply rudimentary security controls looks especially dumb even though, as with most such attacks, little damage was actually caused.

In other hacking news, the Church of Scientology's website reportedly came under attack last week, leaving it unavailable for parts of the weekend.

The attack was reportedly an act of hacktivism prompted by the organisation's attempts to pull a promotional video featuring Scientologist Tom Cruise from YouTube. YouTube pulled the clip, but the material has since resurfaced on Gawker.com.

Ya Tom Cruise is a freak, but have you ever listened to L. Ron Hubbard? Now that guy was nuts! However, that didn't stop him from writing some pretty decent sci-fi (and starting a popular pseudo religion either apparently)

It's odd. I was just brushing up on SQL injection exploits of PHP and ASP based sites with MySQL database.

There are even various videos SHOWING you how to do the SQL injection, and the voice on one sounds like a five year old child.

It's not rocket science, and though I hate the RIAA, I've decided I'm not a fan of site hacking.

I've had sites hacked through the SQL injection, and it's usually some child in Czechoslovakia or Hong Kong with more time on his or her hands than IQ points on an IQ test.

I really don't consider these real hackers in the "old school" sense.

They are more script kiddies than anything else.

I mean, is the following "rocket science" or cracking like the X-Force team used to do? NOT!

Example
'OR 1=1--

another is
' OR 1=1#

As for Scientology..
NE1 wanting to know the truth...
read the book by the founder's son,
L. Ron Hubbard, Messiah or MADMAN
by L. Ron. Hubbard,Jr.

This is funny especially seeing as not too long ago, me and a friend of mine (who shall remain nameless) was professing his undying love towards mysql, claiming how stable and reliable it is and yada yada yada. lol

MySQL is a nice idea but it's extremely buggy. Aside from personal experiences -- there have been countless report
s over the years about the failings of mysql -- failings that were not the result of hackers but just bugs in mysql itself.

I've seen a lot more softwares going flat-file based lately because of mysql flaws. Flatfile databases can be fast and efficient if they are structured right. Plus -- they don't require any other servers (like mysqld, etc..) than just the web server itself.

Even DMusic has had mysql issues as of late. I'm sorry but mysql in general just does not seem to be the best available database solution.

As far as the RIAA -- yeah, they've got it coming. That and a lot more. It's fun to watch. I look forward to these articles as much as others might look forward to reading the Sunday comics. lol

-Dave

Open source MySql was recently bought by Sun, so look for changes.
http://codehappy.wordpress.com/2008/01/16/mysql-bought-by-sun/

I'm not a fan of web-page hi-jacking either, even when the target is the RIAA.

As for what database solution is best, I haven't a clue. All that stuff is really beyond my capability, but I do know that the reason for using MySql (or whatever) is that it is so damn time consuming to structure databases on your own when there is a large amount of data. Plus, if you need to change things around later on... sheesh, what a headache.

I've always considered most hacking to be the digital version of keying someone's car...a very childish, useless act.