Comments on: Unu Cracks a Wall Street Journal Conference Site, Not WSJ.com

By: Jacqulyn Seeds

Jacqulyn Seeds — Thu, 15 Jul 2010 01:55:30 +0000

We really enjoy what you write about here. We try and visit your blog every day so keep up the good writing!

By: Praetorian Prefect | Intel Breach Reveals Passport Information

Praetorian Prefect | Intel Breach Reveals Passport Information — Wed, 23 Dec 2009 05:28:11 +0000

[...] vulnerabilities on major sites including recently two Kaspersky international properties and a Wall Street Journal conference site has demonstrated an attack on an Intel web property, [...]

By: Prefect

Prefect — Sun, 06 Dec 2009 22:26:09 +0000

Dave - Well, its a good tool for finding SQL Injections on MySQL. The pattern of requesting concat(user,0×3a,host,0×3a,password) matches what the schemafuzz tool does. The ordering, check for load_file first, is how the schemafuzz tool works also. That said, we can't guarantee it was that tool, we just think it was, so we mention it.

Now that we answered your question, can you answer one for us?

Why do learning disabled jackasses post comments on blog posts asking stupid questions and making asinine suggestions?

By: DAve

DAve — Sat, 05 Dec 2009 20:36:50 +0000

"What tool did Unu use to find this SQL Injection vulnerability? It could be rsauron’s schemafuzz.py based on the ordering of the screenshots Unu provided and the way the URL is constructed in those screenshots"

Why u talk if you don't know ? :) Please ,shut up.

P.S.: I was dropped on my head as a child.

By: Steve R

Steve R — Fri, 04 Dec 2009 14:09:47 +0000

Nice breakdown. I'm still waiting from the WSJ communications people to get back to me. However, like before, I'm going to move your comment up to the article as a brief update.

-Steve

By: Rob

Rob — Fri, 04 Dec 2009 11:33:54 +0000

Great analysis & absence of hyperbole for a pretty high profile site hack. Thanks.