Revision as of 19:30, 5 March 2011 by Chris
Injecting nonsense in your GRC tables !
On this episode we are joined by Justin Clarke, information security rockstar and well-known for his entertaining talks on SQL injection and his 2009 book "SQL injection: Attack and Defense" (published by Syngress). We discuss the in and outs of SQL injection and search for the reason why it is still the number one threat to web applications.
You can follow Justin at http://www.twitter.com/connectjunkie
Justin was so nice to offer us one copy of his book that we can give away to the first person who sends the correct answer to the following question to firstname.lastname@example.org :
In blind SQL injection, if you replace a string blah with blah' || 'blah and it still works, which database (or databases) would that suggest are present?
Ok, so we failed to announce the winner in Episode 7 due some logistical issues but we're proud to announce the winner here. (drumroll ...) The winner is Jonathan James from Sweden !!! Enjoy the book Jonathan !
Now, since multiple answers could've been correct we selected the first person to submit at least 2 possible answers. The answer we started from, as provided by Justin was : "Oracle, Postgres or Ingres (and possibly others)"
There are no specific rules for this giveaway other than that only residents of the EU are eligible. The most complete answer will be selected. If we have multiple correct answers the e-mail that arrives in our mailbox first will be the winner. Please include your full name and, if you have one, your twitter name. The winner will be announced on Episode 7, to be released in the week of February 22nd.
Chris was there and had an awesome time. the Chaos Computer Club conference is one of (if not the) oldest hacker conferences in the world and is getting better every year. If you weren't able to attend or watch the live streams, you can still get your geek on by watching the recorded presentations : http://events.ccc.de/congress/2009/wiki/Welcome
We discuss the impact of the 2010 bug on several technologies :