Intternet Security

Hacking has become a big problem concerning Internet security, one that even affects the government and other high security computer networks. Hacking attacks can range from mildly annoying or just disruptive, or they can threaten finances and even the security of people and the country. It may not be possible to completely eliminate any hacking risks, but there are steps that you can take to increase your Internet security, and minimize the risks of a hacking attack being successful. One tip is to be skeptical about what you read and see online. There are many sites or advertisements that promise you money or other benefits that sound too good to be true, and they usually are. Many times these sites will have viruses, spyware, or other malicious software programs that install on your system and make it vulnerable to hacking.

Do not open any attachments or files in your e-mail if you do not recognize the sender. Some viruses and hacking attempts use e-mail to get around your Internet security measures. A hacker may attach any type of harmful software as an attachment and then mass mail it to a large number of people. It is a good idea to use an anti-virus software program to scan attachments even from someone you know, just in case a file is infected and this fact is not known. Having a high quality anti virus program is also essential, to ensure no viruses, worms, or Trojans are present on your system that would weaken your Internet security and make your system vulnerable to hacking.

Make sure that your system has a competent firewall installed and activated. The firewall provides a layer of Internet security to strengthen the defenses of your PC. If you have high speed Internet access, it may be advisable to unplug the Internet connection when you are not online. An open connection is seen as an invitation, and many high speed Internet providers keep your system connected and open twenty four seven. For this reason a lot of Internet access providers may offer a security program or suite that customers can use for free, to strengthen your Internet security. An efficient anti spyware program, an anti virus program, and a firewall in place will help protect you against any hacking attempts on your system.

Make sure to download and install any security updates for your system as soon as they become available. Sometimes it is possible that a software program has a glitch or two, and updates and patches are a way that these problems can be fixed. Not installing all of the recommended updates is the same as leaving your PC open for the hackers to walk through. All of these steps will help you protect your computer against any hacking attempts, and will also strengthen your Internet security so that hacking is less of a problem or risk. Use common sense and follow these simple tips, and you will greatly minimize the risk of becoming a hacking victim.

I want to worry you.

I want to show you just one way that hackers can get in to your website and mess it up, using a technique called SQL Injection. And then I'll show you how to fix it. This article touches on some technical topics, but I'll try to keep things as simple as possible. There are a few very short code examples written in PHP and SQL. These are for the techies, but you don't have to fully understand the examples to be able to follow what is going on. Please also note that the examples used are extremely simple, and Real Hackers™ will use many variations on the examples listed.

If your website doesn't use a database, you can relax a bit; this article doesn't apply to your site -- although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site -- even a comment form -- read on.

Warning

This article will show you how you can hack in to vulnerable websites, and to check your own website for one specific vulnerability. It's OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.

Is your site vulnerable?

If your website has a login form for an administrator to log in, go to your site now, in the username field type the administrator user name.

In the password field, type or paste this:

x' or 'a' = 'a

If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:

x'

...