leyrers online pamphlet

What 20 Mio. Euros apparently can't buy ...

… is a database that’s immune to SQL injection attacks.

The European Telecommunications Standards Institute (ETSI) is a standardization organization of the telecommunications industry (equipment makers and network operators) in Europe, with worldwide projection. ETSI has been successful in standardizing the GSM cell phone system and the TETRA professional mobile radio system. Also, several standards regarding data retention were developed by ETSI. According to Wikipedia, ETSi hat a budget of over 20 Mio. Euros in 2005.

Apparently, that was not enough money to secure the database/application against SQL injection attacks. Try http://www.etsi.org/Application/Search/?search=’ and you get:

An unhandled exception occurred during the execution of the current web request

Nice to see, that Microsofts „Security Initiative” reached the well educated .NET programmers at ETSI.

Tagged as: , , , , | Author:
[Sonntag, 20080127, 21:49 | permanent link | 2 Kommentar(e)

default mäßig ist der debug parameter für detaillierte error messages sogar auf false (zumindest wars früher in asp.net so, es kommt nur der standard asp.net error, der ja auch durch eine freundliche meldung ersetzt werden sollte...), aber wenn sowas beim go live vergessen wird ist meistens alles zu spät und die app wäre auf php wohl kaum besser gelungen... :)

rolf 2008-01-28 22:30

Jup, PHP hätte sie da auch nicht gerechnet.

Aber ich hätte doch angenommen, dass die Auftragnehmer der ETSI Programmierer beschäftigen, die das MS Press Buch "Writing Secure Code, Second Edition" von Michael Howard und David LeBlanc gelesen hätten.

Martin Leyrer 2008-01-29 20:10

Comments are closed for this story.


Disclaimer

„Leyrers Online Pamphlet“ ist die persönliche Website von mir, Martin Leyrer. Die hier veröffentlichten Beiträge spiegeln meine Ideen, Interessen, meinen Humor und fallweise auch mein Leben wider.
The postings on this site are my own and do not represent the positions, strategies or opinions of any former, current or future employer of mine.
Impressum / Offenlegung gemäß § 25 Mediengesetz

Search

Me, Elsewhere

Tag Cloud

2007, 2blog, 2do, 2read, a-trust, a.trust, a1, accessability, acta, advent, age, ai, amazon, ankündigung, apache, apple, at, audio, austria, backup, barcamp, basteln, bba, big brother awards, birthday, blog, blogging, book, books, browser, Browser_-_Firefox, bruce sterling, buch, bürgerkarte, cars, cartoon, ccc, cfp, christmas, cloud, coding, collection, command line, commandline, computer, computing, concert, conference, copyright, covid19, css, database, date, datenschutz, debian, delicious, demokratie, design, desktop, deutsch, deutschland, dev, developer, development, devops, digitalisierung, digitalks, dilbert, disobay, dna, dns, Doctor Who, documentation, domino, Domino, Douglas Adams, download, downloads, drm, dsk, dvd, e-card, e-government, e-mail, e-voting, E71, education, Ein_Tag_im_Leben, elga, email, encryption, essen, EU, eu, event, events, exchange, Extensions, fail, fedora, feedback, film, firefox, flash, flightexpress, food, foto, fsfe, fun, future, games, gaming, geek, geld, git, gleichberechtigung, google, graz, grüne, grüninnen, hack, hacker, handtuch, handy, hardware, HHGTTG, history, how-to, howto, hp, html, humor, ibm, IBM, ical, iCalendar, image, innovation, intel, internet, internet explorer, iot, iphone, ipod, isp, it, IT, itfails, itfailsAT, itfailsDE, java, javascript, job, jobmarket, journalismus, keyboard, knowledge, konzert, language, laptop, law, lego, lenovo, life, links, Linux, linux, linuxwochen, linuxwochenende, live, living, lol, london, lost+found, lotus, Lotus, lotus notes, Lotus Notes, LotusNotes, lotusnotes, Lotusphere, lotusphere, Lotusphere2006, lotusphere2007, Lotusphere2008, lotusphere2008, lustig, m3_bei_der_Arbeit, mac, mail, marketing, mathematik, media, medien, metalab, Microsoft, microsoft, mITtendrin, mobile, mood, motivation, movie, mp3, multimedia, music, musik, männer, nasa, nerd, netwatcher, network, netzpolitik, news, nokia, Notes, notes, Notes+Domino, office, online, OOXML, open source, openoffice, opensource, orf, orlando, os, outlook, patents, pc, pdf, performance, perl, personal, php, picture, pictures, podcast, politics, politik, pr, press, presse, privacy, privatsphäre, productivity, programming, protest, public speaking, qtalk, quintessenz, quote, quotes, radio, rant, recherche, recht, release, review, rezension, rip, rss, science, search, security, server, settings, sf, shaarli, Show-n-tell thursday, sicherheit, silverlight, smtp, SnTT, social media, software, sony, sound, space, spam, sprache, spö, ssh, ssl, standards, storage, story, stupid, summerspecial, sun, surveillance, sysadmin, talk, talks, technology, The Hitchhikers Guide to the Galaxy, theme, think, thinkpad, thunderbird, tip, tipp, tools, topgear, torrent, towel, Towel Day, TowelDay, travel, truth, tv, twitter, ubuntu, ui, uk, unix, update, usa, usb, vds, video, videoüberwachung, vienna, Vim, vim, vintage, vista, vorratsdatenspeicherung, vortrag, wahl, wcm, web, web 2.0, web2.0, Web20, web20, webdesign, werbung, wien, wiener linien, wikileaks, windows, windows 7, wired, wishlist, wissen, Wissen_ist_Macht, wlan, work, workshops, wow, writing, wtf, Wunschzettel, wunschzettel, www, xbox, xml, xp, zensur, zukunft, zune, österreich, övp, übersetzung, überwachung

Blogroll

AFK Readinglist