originally posted by: sparky31
seriously what you just said to me could have been written in russian and i would have understood it just as well lol
Attempting to translate from "Russian" to mundane rambling, though my php is a little rusty so some of this might not be exact. The language most web
servers run on is called php and code written in php runs on the server hosting the webpage, the server executes the code and then sends the results
of that code to a users web browser. You will occasionally see a website using a .php extension in the url. This means that webpage is using php.
An SQL injection is a common exploit where you take a webpage with a form that query's a database with that information. Because these forms involve
executing code, you can write your own code in the form submission box and make the server read it instead of what it's supposed to read. An analogy
would be if you're reading a paragraph in a book, and halfway through the paragraph the remaining sentences for you to read get changed on you to what
the attacker wants you to read.
Here's an example of an attempted SQL injection that's using OCR to read license plates and automatically assign tickets
i.kinja-img.com...
If that attack worked it would cause the city to lose their database of who owes what. I'm not sure if the image of that car specifically made a city
lose data, but it has happened a few times.
Websites themselves send data back to a server in two ways, the get method and the post method. The get method involves sending data through the URL,
in Stormcells example it's looking for user data on whoever has user 8493742934. Depending on how well set up your internet security is, someone can
make a script that creates that url with userid 1, then 2, all the way up to some arbitrary number, and just keeps attempting them until it finds a
userid where it gets some data.
SQL injections are common, and they're easy to stop but a lot of times the programmers are lazy or unaware and don't put in the necessary precautions.
Being unaware is the big one, in order to cut down on hacking atleast in the US most schools don't teach you how to hack, they just teach you a
handful of security precautions to defend against it. The problem is that's just telling you what to do without the why, and that causes information
to not stick as well, it's like telling someone to lock the door when they leave their house without ever explaining that things like burglars
exist.
originally posted by: chr0naut
What were they doing recording customer credit card details?
I'm not familiar with their business but if they have any type of recurring payment system then regardless of what the law says, that payment system
requires they keep the information saved so they can make another charge after x time.
edit on 26-10-2015 by Aazadan because: (no reason
given)