Open Cloze
Gap-fill exercise
Fill in all the gaps, then press "Check" to check your answers.
Yahoo Stuck Without SQL Injection Antidote
An SQL injection
hackers access to hundreds of thousands of Yahoo users' email addresses and passwords,
were promptly posted on the Web. Security wonks
Yahoo through the wringer for it, saying SQL injection defense should be
of any decent set of security measures.
, the FTC swatted Google, Amazon smartphone rumors bubbled
, and RIM took
an angry crowd of shareholders.
The term "SQL injection" sounds pretty scary --
of medical, painful, maybe even lethal. And it can be, for websites that fall
to it. It involves tricking a site
forming a rogue SQL command that prompts a database to deliver its contents right into the
of the attacker. If it's successful, a hacker can
access to a ton of sensitive information.
The
side of SQL injection is that it's not exactly cutting
. It's something security pros have seen time and
again, and they've developed a
set of precautions and best practices websites can follow in
to protect themselves.
Unfortunately, Yahoo apparently wasn't in the
of following those guidelines.
The company recently confirmed
nearly half a million unencrypted email addresses, complete
passwords, had been
into the hands of hackers by
of Yahoo's Voice website. The hackers then posted the information publicly as a sort of shame-
-you directed
Yahoo.
Security gurus were quick to jump
the company's throat
its poor hygiene. SQL injection is not some mystical, esoteric act of cybersorcery that nobody
understands. It may not be literally the
trick in the book, but it's old and well-
enough that Yahoo is getting pummeled for falling
it.
Obviously, Yahoo users should change
passwords ASAP. As with any email and password
, it's not just your email that's
risk -- if you use the same combo
any other site, that account's security has been compromised
.
FTC Polishes Its Paddle
The U.S. Federal Trade Commission is
ready to bend Google over its
and give it a $22.5 million spanking
the search company's apparent habit of violating the privacy of people
use Apple's Safari Web browser.
Although it's the biggest fine
levied by the FTC, that $22.5 million paddling is unlikely to cause Google
real and direct financial pain. To stretch the analogy
past its breaking point: Everything about Google is big, even its
end, and the FTC's tiny little hands won't raise so
as a welt.
But
if the fine itself doesn't hurt, it's not exactly a mark of pride
Google to be called out in
a way. It's now the holder of a pretty notorious record,
for a company so often suspected
playing fast and loose with privacy, always while wearing that "don't be evil" halo it crowned itself
.
For the FTC, getting Google to settle for
is by the commission's standards an enormous fine is a big win
its reputation. Critics of the commission have
needling it for years for what they claim is a soft stance
consumer privacy. And they'll probably keep saying that, but
at least the FTC can counter that it showed its
that one time. And
companies tempted to disregard user privacy might sit
and take notice, especially if their pockets aren't nearly
deep as Google's.
So what did Google do to get itself into this
in the first place? According to privacy watchdog groups, it
circumventing certain settings in Apple's Safari browser
insert cookies in users' machines
permission. Google claimed it was all a big mistake, that they never meant to do
. But that argument apparently didn't score many points
the FTC. And given the post-Google Buzz consent agreement the company signed
the commission that allowed for fines of up to $16,000 per violation
day, perhaps Google decided it would be smart to cap it at $22.5 million while it still
the chance.
Adapted and abridged from: technewsworld.com, July 14, 2012.
Check
Hint
OK