Mechanical

Bad Web site security

My agent sent me an email asking for more information, so it looks like I still have a potential book deal. My coauthor appears to not have the time to commit to the project, though, so I don't know if I should see what's happening with him or just go it alone.

After I sent the information, they provided me with a link to where it was on their Web site. As this is an agency for authors who write highly technical computer programming books, one might think that they would be aware of technology issues. Nope. As it turns out, one of the forms on their site has a security problem that allows something called an "SQL injection attack". If you know SQL and a little bit about how the Web works, it's trivial to destroy their database or break into their Web site. I sent them an email describing the vulnerability, but I didn't do anything naughty other than uncover the security hole.

And people ask me why I don't shop online ...

  • Current Mood: amused
Mmmmmm.. book deals.. drools

(This drool brought to you by a fascination with entertainment law.)