According to anti-virus firm Sophos, the Sony PlayStation USA website came under an SQL injection attack this week.
Hackers embedded a tiny piece of malicious JavaScript code into some of the pages, which showed pop-up advertisements asking users to buy anti-virus software that does not work.
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
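The two conditions named above (unhandled string-literal quotes and input that is not strongly typed), shown next to their hardened forms. This is an added example, not code from the article or from Sony's site; the `games` table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one row is flagged hidden and must never be listed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE games (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO games VALUES (?, ?, ?)",
                   [(1, "Racer", 0), (2, "O'Neil Golf", 0), (3, "Unreleased", 1)])
    return db

def by_title_vulnerable(db, title):
    # Condition 1: input lands inside a string literal and its quote is not handled.
    sql = "SELECT title FROM games WHERE hidden = 0 AND title = '" + title + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def by_id_vulnerable(db, game_id):
    # Condition 2: input is assumed to be a number but is never type-checked.
    sql = "SELECT title FROM games WHERE hidden = 0 AND id = " + game_id + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def by_title_safe(db, title):
    # Bound parameter: the driver passes the value as data, never as SQL text.
    sql = "SELECT title FROM games WHERE hidden = 0 AND title = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (title,))]

def by_id_safe(db, game_id):
    # Strong typing first (non-integers are rejected), then a bound parameter.
    try:
        value = int(game_id)
    except ValueError:
        return []
    sql = "SELECT title FROM games WHERE hidden = 0 AND id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (value,))]

def quote_breaks_vulnerable_query(db):
    # A legitimate title containing an apostrophe already breaks the concatenated query.
    try:
        by_title_vulnerable(db, "O'Neil Golf")
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    text_input, numeric_input = "' OR '1'='1", "0 OR 1=1"  # constructed test inputs
    print(by_title_vulnerable(db, text_input))   # hidden row is returned
    print(by_id_vulnerable(db, numeric_input))   # hidden row is returned
    print(by_title_safe(db, text_input), by_id_safe(db, numeric_input))
    print(quote_breaks_vulnerable_query(db), by_title_safe(db, "O'Neil Golf"))
```

A query that fails on an ordinary apostrophe, as the concatenated version does here, is a useful review signal that input is being spliced into SQL text.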
Graham Cluley, senior technology consultant at Sophos, said:
Obviously some people can be fooled into [buying] these sorts of things. There’s underlying infrastructure here that Sony and many other websites need to fix. We’ve seen thousands upon thousands of examples of this. If you’re running an SQL database on your website, have you secured it?
Normally, these types of attacks insert IFRAME code into a compromised website; when a user visits the site, the code works in the background to pull malicious content from the hacker's site.
Among the most famous examples of websites hit by SQL injection: in June 2007, hackers defaced a Microsoft U.K. web page using SQL injection, which Microsoft later acknowledged. In another case, the United Nations website was defaced using SQL injection in August 2007.
Sony now appears to have fixed the SQL injection code, although its spokesperson was not available to comment.