SQLServerCentral is supported by Red Gate Software Ltd.
 
SQL Injection Everywhere
Posted Sunday, April 10, 2011 9:19 PM


Comments posted to this topic are about the item SQL Injection Everywhere






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1091218
Posted Sunday, April 10, 2011 11:03 PM


I think people have really gotten silly with computers. I mean, c'mon! Why would anyone connect a bloody washing machine to the internet?

More silly stuff... I heard that there was a recall by one of the car makers the other day. Seems like the (I can't believe this) computer controlled windshield wipers were having a problem. REALLY??!! We're paying for that kind of stupid stuff?

How about spending more time and dollars on really cool stuff like designing a 350HP engine that gets 50MPG without batteries? You see that kind of stuff on the news all the time. How come no one has put that type of technology in common vehicles instead of screwing around with {gasp!} computer controlled windshield wipers.

Like the quote goes, "No one is sure of the age of the human race but everyone agrees it should know better by now."


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1091237
Posted Sunday, April 10, 2011 11:39 PM
I think there are many good reasons for connecting things to the internet, and to let them be computer controlled.

Not to ruin your wind shield story - but I really like the wipers in our car. They are connected to a sensor, and start wiping if the windows get wet. This allows me to keep my limited focus on the road. And the wipers are just a small part. I believe that all these small things in cars can help us focus more on the road and drive safer.

But I totally agree, that when they mess up and need to recall cars because of what must be a critical error in the wiper software - then something might not be as decoupled as it should have been. And sooner or later we will all be driving autonomous cars - and then we can start worrying about software bugs...

For the other "connected" items, I would agree that maybe the washing machine isn't the most obvious. But still there could be some features which could come in handy. You could start the machine when you start driving home from work (even when you don't know when work is done), it could call on service if some small problem has occurred, instead of today where they just keep going and then break completely (good for the environment I guess), receive updates to the built-in programs to be more efficient (in strong opposition to the "If it ain't broken, don't fix it" rule), etc.

But we need to remember that no matter how much we test our software, when we move from mechanically controlled to software controlled we will introduce some new risk, and some new bugs. And those can be hard to fix in e.g. a non-connected washing machine.

/Anders
Post #1091244
Posted Sunday, April 10, 2011 11:42 PM
Jeff Moden (4/10/2011)
More silly stuff... I heard that there was a recall by one of the car makers the other day. Seems like the (I can't believe this) computer controlled windshield wipers were having a problem. REALLY??!! We're paying for that kind of stupid stuff?


You mean you don't mind turning your windshield wipers on and off?

My car has automatic headlights, and after having driven it for a while, it was a real shock when I drove a rental car into a parking garage, and it was like, why is it so dark in here and I can't see? Duh, I have to actually turn the headlights on.

In terms of cars everything that can reasonably be automated, without significant risk, that takes a distraction away from the driver is a good thing in my opinion. (How many people do you see driving at twilight without their lights on?)
Post #1091249
Posted Monday, April 11, 2011 1:08 AM


Anders Hansen (4/10/2011)
I think there are many good reasons for connecting things to the internet, and to let them be computer controlled.

Not to ruin your wind shield story - but I really like the wipers in our car. They are connected to a sensor, and start wiping if the windows get wet. This allows me to keep my limited focus on the road. And the wipers are just a small part. I believe that all these small things in cars can help us focus more on the road and drive safer.

But I totally agree, that when they mess up and need to recall cars because of what must be a critical error in the wiper software - then something might not be as decoupled as it should have been. And sooner or later we will all be driving autonomous cars - and then we can start worrying about software bugs...

For the other "connected" items, I would agree that maybe the washing machine isn't the most obvious. But still there could be some features which could come in handy. You could start the machine when you start driving home from work (even when you don't know when work is done), it could call on service if some small problem has occurred, instead of today where they just keep going and then break completely (good for the environment I guess), receive updates to the built-in programs to be more efficient (in strong opposition to the "If it ain't broken, don't fix it" rule), etc.

But we need to remember that no matter how much we test our software, when we move from mechanically controlled to software controlled we will introduce some new risk, and some new bugs. And those can be hard to fix in e.g. a non-connected washing machine.


/Anders


Maybe I'm over-simplifying but you don't need a computer to interface the sensor to your windshield wipers to have it work. You also don't need a computer to turn the lights of your car on when you drive into a dark spot. A simple sensor will do that without the need for a computer.

I subscribe to a satellite TV company. One of the requirements to "get the discount" is to always have the receiver connected to the phone line. I had to run that phone line because one didn't exist where the TV was.

And what would they do to the software running a washing machine? Change the timers? That justifies a full time internet connection? And it won't fix the most common ailment of having the little cross of rubber between the motor and the clutch wearing out even on computer controlled washers.

I love technology. It's been used to do some pretty good things. I just think people are getting carried away with its implementation in a lot of areas.


--Jeff Moden
Post #1091264
Posted Monday, April 11, 2011 1:23 AM
Jeff Moden (4/10/2011)
How about spending more time and dollars on really cool stuff like designing a 350HP engine that gets 50MPG without batteries?


Because it's impossible? Petrol and diesel engines are not far off as efficient as they possibly can be right now--350HP while still getting 50mpg is a pipe-dream, I'm afraid. It's still possible to get 50mpg, though, just buy a smaller car!
Post #1091267
Posted Monday, April 11, 2011 4:50 AM
Talk of SQL Injection always reminds me of this xkcd comic, which should never be forgotten by database professionals - Little Bobby Tables
Post #1091332
Posted Monday, April 11, 2011 5:33 AM


paul.knibbs (4/11/2011)
Jeff Moden (4/10/2011)
How about spending more time and dollars on really cool stuff like designing a 350HP engine that gets 50MPG without batteries?


Because it's impossible? Petrol and diesel engines are not far off as efficient as they possibly can be right now--350HP while still getting 50mpg is a pipe-dream, I'm afraid. It's still possible to get 50mpg, though, just buy a smaller car!


Heh... Impossible? Not with all the waste heat collected by the cooling system or blown out the tail pipe. What's the efficiency of today's engines? IIRC, if they even come close to 20%, it would be a miracle.


--Jeff Moden
Post #1091349
Posted Monday, April 11, 2011 6:33 AM


There was a news story this weekend reporting that distracted driving is becoming an epidemic in the country. There was an increase of 13,000 additional car accidents all attributed to distracted driving. Ford Motor company is now facing multiple lawsuits (as are other car companies) based on them building in Tom-Toms and other various digital distractions into their new model cars.

Yes, it is scary that at some point, controlling our worlds digitally seems so much like the old "Jetsons" cartoons, but the reality is that the more we come up with these (usually) bad ideas, we only increase the 'playground' for hackers. Add that to the distracted and disconnected society we are building and all the images of the "bright future" technology would bring us, suddenly dims.

What we have lost in the last three decades is simple; we used to build technologies to address problems - now we build them for nothing more than 'because we can', and all the better if we get people hooked on it - who cares about the rising death and injury toll, let alone the danger of too much bleach in your wash - there's money to be made.
So, a few will get rich, some will get hacked and have too much bleach in their colors, and thousands will die and be maimed all in the interest of almighty dollar.

Welcome to the future; a hacker's paradise of ill-thought-out technological wonders.


There's no such thing as dumb questions, only poorly thought-out answers...
Post #1091374
Posted Monday, April 11, 2011 7:03 AM
First, you mention that turning up your refrigerator is not that bad, but what if it was more malicious -- say they turn it up while you're gone during the day, then turn it back down in the evening. You may not be aware that your food is potentially unsafe. Botulism and other types of food poisoning can be life threatening.

I think it speaks volumes about human nature when one of the biggest selling items is an aluminum wallet.



Post #1091398