Still?
These types of attacks could be easily avoided even with today's technology. Can't really blame one language, one product or even one company but the IT world. To blame one component in the chain where it is NOT responsible for the (security) role is very weird. Injection is one problem but what is allowed after that is totally another.
For example, the session keys (and encryption on top of it if needed) would work - the hijacking system would have no idea how to handle those without breaking into the server. There are many other ways, and I'm amazed that even MS with their huge resources haven't done it. Even early in communications, the simple security was just agreeing on the parameters for an algorithm in connections, and if you didn't get the first message it was very difficult to take the other end's place.