In the four years since I first began to run for Minnesota state representative, my web site technology had become dated. I chose to clear away all the old cruft and start fresh. For now, this new site will function as my personal blog for technology and social issues while I'm developing hoodbid.com. Today, I want to blog about the reasons WHY upgrading is so important.
Any good web administrator knows that badly outdated content management systems tend to have serious vulnerabilities. Popular security sites labeled remote buffer overflows the "attack of the 90s." We hardly ever see these attacks succeed today. Ever since AMD introduced the NX (No eXecute) bit to its AMD64 processors and Intel followed suit, these attacks have become quite rare.
Today, SQL injection attacks have replaced remote buffer overflows as the most exploited vulnerability of this decade. It seems like security patches come fast and furious against these attacks, but they do not arrive fast enough. While the most popular open source CMS programs patch quickly, many third-party modules and proprietary CMS products stay vulnerable for a long time. In the famous Anonymous attacks against HBGary, SQL injection was used against their custom CMS to gain access to their password database.
As hackers, we must never grow so enamored of our favorite products that we fail to provide constructive criticism. This applies to hardware as well as software. While there are valid complaints about web scripting languages, CMS systems, web servers, and database servers, I want to focus on something more fundamental--
Structured Query Language is becoming the Achilles heel of the Internet.