Massive Attack:

[TheHalf™]

Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection
By Scott Gilbertson

A new SQL injection attack aimed at Microsoft IIS web servers has hit some 500,000 websites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. While the attack is not Microsoft's fault, it is unique to the company's IIS server.

The automated attack takes advantage to the fact that Microsoft’s IIS servers allow generic commands that don’t require specific table-level arguments. However, the vulnerability is the result of poor data handling by the sites’ creators, rather than a specific Microsoft flaw.

Full story----> http://blog.wired.com/monkeybites/2008/04/microsoft-datab.html

Link for Firefox 'No Script' http://noscript.net/

Link for Firefox installation http://www.youtube.com/watch?v=BKW5SMvMKtY

TheHalf™