All Tricks

Hacker conference Chaos Communication Congress 31c3 is under way in Hamburg, Germany right now where a cluster of SS7 talks have revealed the ease of invasive cell phone surveillance. Three groundbreaking research presentations and live demonstrations on SS7 have shown that the NSA -- or any government's ability or access -- isn't needed to track you completely (and terrifyingly) with your cell phone. CCC is livestreaming all 31c3 talks and archiving them immediately, and you can see more of the conference's great presentations. Slide from SS7 Locate Track Manipulate (Tobias Engel)  Tobias Engel/CCC The world's oldest -- and Europe's largest -- hacker organization The Chaos Computer Club is proving its mettle with the talks at this year's 31c3: A New Dawn. But in three of the conference's earliest presentations, onstage only a day ago, researchers show what's commercially available in the realm of phone spying, and it may scare you more

SQL Injection: The definitive guide An SQL Injection is an attack targeted to a vulnerable system. Here I will show you the strategies to adopt for your security. Let’s begin! SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). These attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. [Resource: Wikipedia ] It is one of the most common attacks on the websites. The best passwords and the best mindset may not be enough. If you have a website that uses this type of database, you must learn how to defend it. An example of attack: User: Password: