Election Injection

Setting politics aside (Lord knows I’d like to), this ABC 7 Chicago news story covers how Russians hacked the Illinois State Board of Elections in 2016:

SQL, an acronym for Structured Query Language, is a database programming language. An “SQL injection” is a common piece of cyber-trickery used to illegally gain access to government, financial, business and private computers. Experts estimate that 8 of every 10 data breaches occur as a result of SQL injection.

Cyber-trickery.

“Processor usage had spiked to 100% with no explanation” state investigators determined. “Analysis of server logs revealed that the heavy load was a result of rapidly repeated database queries on the application status page of the Paperless Online Voter Application (POVA) web site” they said.

I see.

The official report (PDF) is pretty light on details, but yeah…SQL injection.

I know, dear reader – you think everyone knows about SQL injection today, but have you had the talk with your developers recently? Why not schedule a lunch-and-learn and watch Bert Wagner’s GroupBy video demoing SQL injection?
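The log analysis quoted above (rapidly repeated queries against a single page) is something you can look for in your own web server logs. The sketch below is an added example, not code from the report or the news story: it assumes Common Log Format lines in chronological order, and the /app/status path, the id parameter, the addresses and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client, timestamp, request line, status (assumed layout).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse(line):
    """Return (client, time, path without query string), or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, ts, _method, url, _status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return client, when, url.split("?", 1)[0]

def find_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Map (client, path) -> peak request count, for pairs that reach
    `threshold` requests inside one sliding `window`."""
    recent = defaultdict(deque)  # (client, path) -> timestamps still in window
    peak = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue             # skip malformed lines instead of aborting
        client, when, path = rec
        q = recent[(client, path)]
        q.append(when)
        while when - q[0] > window:
            q.popleft()          # drop requests that fell out of the window
        if len(q) >= threshold:
            peak[(client, path)] = max(peak.get((client, path), 0), len(q))
    return peak

def sample_log():
    """Constructed sample: one client hammering a status page, one normal
    visitor, and one malformed line."""
    noisy = [f'192.0.2.10 - - [01/Jan/2024:10:00:{s:02d} +0000] '
             f'"GET /app/status?id={s} HTTP/1.1" 200 512' for s in range(8)]
    quiet = [f'198.51.100.7 - - [01/Jan/2024:10:0{m}:00 +0000] '
             f'"GET /app/status?id=1 HTTP/1.1" 200 512' for m in range(3)]
    return noisy + quiet + ["not a log line"]

if __name__ == "__main__":
    for (client, path), count in find_bursts(sample_log()).items():
        print(f"{client} sent {count} requests to {path} within 10 seconds")
```

Grouping on the path without its query string matters here: a client cycling through parameter values still counts against the same page.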
