Monday, April 27, 2009

Funniest security trick ever

Both my regular readers will remember this security comic:

SQL Injection is a technique where instead of filling out a field in a web server form normally (for example, "Name" = "Bobby Tables"), an attacker sends database code (the "DROP TABLE Students;" part).

So where does this turn into the funniest security trick ever? Well, it seems that one Edvin Syse in Norway changed the name of his company from Syse Data to ';UPDATE TAXRATE SET RATE = 0 WHERE NAME = 'EDVIN SYSE'

As a joke, of course. Then Google found out (scroll down for the english translation).
This in turn created enough traffic at Brønnøysundregistrene for them to request that we change the name. We apologise for the inconvenience this has caused for Brønnøysundregistrene.
Astute readers will have figured out that the Brønnøysundregistrene is the Norwegian IRS.

Heh.

Hat tip: Emergent Chaos.

1 comment:

  1. This is fantastic. Thanks again for the laugh tonight. Have a great week!

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.