Week 11

SQL injection is a technique where someone uses the URL of a website to inject SQL queries and establish information about the SQL database that the application runs off of. Once the information is gathered it is possible to launch more attacks. Using this technique, you can get usernames and passwords and then go further from that point. Someone could get any information from the table if they’re able to properly guess what the column or row heading might be.

Question for the class. How would you prevent against this type of attack?

Article: http://www.zdnet.com/article/dark-mail-debut-to-open-door-for-lavabit-return-ladar-levison/

The same guy behind Snowden’s encrypted email service is working on a new set of protocols and software from the ground up to create a new surveillance proof service for security minded individuals. This is an interesting project and will further the conversation about what information companies are responsible to provide authorities, how we go about obtaining data from emails etc.