Sophos video about hacked BusinessWeek site

Sophos has a short video showing evidence of a hacked page on the BusinessWeek web site. I was impressed by how Google Chrome handled this:

The interesting point is that we are finding malicious JavaScript on highly reputable sites. Sophos says this one was caused by SQL injection, and I noticed that the page uses Microsoft’s old .asp technology in which it was particularly easy to code insecurely.

What’s the solution? Beats me; there are just zillions of insecure web applications out there. However, it’s disappointing that BusinessWeek still has not cleaned up the pages, which were reported last week (but perhaps that means last thing Friday).

One thought on “Sophos video about hacked BusinessWeek site”

  1. Hi Tim

    Thanks for your post about how Google Chrome treats the BusinessWeek webpages affected by the SQL Injection attack.

    Just so you know – we did tell BusinessWeek earlier in the week than Friday night. I think we informed them at about Thursday lunchtime (UK time), early morning USA.

    BTW, the video (which is hosted on the SophosLabs area of Viddler) is easy to embed on your own blog if you want. 🙂

    Cheers
