One of the oldest tricks in hackers' books is to get a targeted website to tell the attackers what its vulnerabilities are.
Sometimes hackers perform "Google hacks" to use the search engine to find cached examples of error messages on pages. Other times, they enter odd terms into a website's search box to see if the site spits back error messages from its SQL database.
Those error messages can tell hackers a lot about the site -- often, enough to exploit the found vulnerability by injecting malicious code into the database. That's known as a SQL injection.
SQL injections can be used to get a site to spit back its database contents, such as lists of usernames and passwords. They can also be used to infect visitors' computers with malware.
About 14% of all hacks last year involved SQL injections, according to Verizon's 2011 Data Breach Investigations Report.
SQL injections can be stopped, but experts say they're very difficult to find, particularly for large sites with complicated code. Sites need a multi-layered defense to prevent SQL injection attacks: They must clear their code of vulnerabilities, ensure it's free of injections, and if their database is returning unexpected data, they have to find a way to stop it.
Large, organized crime syndicates have been launching sophisticated attacks for decades.
|Top exec at South Korea's Lotte found dead hours before prosecutor questioning|
|Become a millionaire: time, a savings plan, compound growth|
|Secrets of ultra stealth submarines revealed in massive leak August 24|
|Kareem Abdul-Jabbar: Men have 'gotta get over' their issues with equal pay August 25|
|Uber bleeds more than $1 billion in six months|