During a recent penetration test, I was hacking away at some packet captures and noticed unencrypted Microsoft SQL Server (MSSQL) traffic. The syntax was unmistakable. At first, I thought this might be a way to capture some authentication credentials. However, MSSQL...
In October 1995, I finally found my calling. What I found was SQL Injection, perhaps the most prevalent web site hack still alive and well twenty years later. However, what I discovered was that my calling is not about hacking websites, but rather hacking humans....
In the information security industry’s latest attention-grabbing headline, we have the tale of Charlie Miller and Chris Valasek hacking a Jeep Cherokee and disabling it while driving down the highway. You can read about this hack here. This is stunt hacking. That is,...
The boundary between right and wrong resists permanence in cyber-security. Hackers enjoy this ambiguity, as it makes the world of hacking exciting. In 1995, when I discovered SQL injection, I went on a website hacking spree for a few weeks. I would show off to my...
