SQL injection attacks become new threats that will challenge operating system security _ MySQL

Source: Internet
Author: User
SQL injection is a new threat that will challenge the security of the operating system. For individual users, in addition to viruses and Trojans, invisible code on web pages has begun to seriously threaten security. However, most people lack awareness of self-protection and underestimate the danger of this invisible code; important information may even be stolen without their knowledge. Because the invisible code is relatively well concealed, no antivirus firewall has been able to prevent its attacks, and most cannot even detect it. Therefore, we should be highly vigilant against the invisible killers in web code.

Generally, the "invisible killers" in web code fall into the following categories. Once you understand them, you can take precautions.

Stealth killer 1: CPU usage

By constantly consuming the local machine's system resources, this code drives CPU usage up to 100%, so that the computer can no longer process other user requests.

The typical prank of "stealth killer 1" code is to generate an endless loop through JavaScript. This type of code may appear on a malicious website or be sent to you as an email attachment. Currently, most mail client programs can automatically call a browser to open HTM/HTML files. As soon as you open the attachment, countless new browser windows appear on the screen, and in the end you have to restart the computer.

How to avoid it

Attachment.

Stealth killer 2: illegal reading of local files

A typical practice of this type of code is to read local files by calling ActiveX, JavaScript, and the WebBrowser control on a web page.

Compared with "stealth killer 1", "stealth killer 2" code is relatively well hidden. It is generally difficult for people to notice that the invisible code is reading files on their hard disks. "Stealth killer 2" can also exploit browser vulnerabilities to attack, such as the IE 5.0 IFrame vulnerability. A few lines of code can read any file on your local hard disk that IE can open.

How to avoid it

Disable JavaScript and keep up to date with Microsoft's security patches.

Stealth killer 3: Web spoofing

Attackers first break into the DNS server responsible for resolving the target machine's domain name, and then repoint the DNS record's IP address to a host on which they have obtained superuser permissions.

These attacks are rare in China at present, but they are very harmful when they succeed and may cause heavy losses. The attack method is: on the host where superuser permission has been obtained, forge an environment identical to that of the target machine to trick you into handing over your username and password, for example for your email or even your online bank account. Because you are faced with the same environment as yesterday, you type your username and password out of habit, without ever suspecting that this is not the real host.

How to avoid it

When surfing the Internet, it is best to turn off JavaScript in the browser so that attackers cannot hide the signs of an attack, and to turn it on only when visiting a familiar website. Although this reduces the functionality of the browser, I think it is worthwhile. Also, do not follow links to other websites from websites you are not familiar with, especially to websites that ask you to enter a personal account name and password.

Stealth killer 4: controls user machines

At present, this type of problem is mainly caused by IE's use of ActiveX.

Now let's take a look at IE's security settings. For "Download signed ActiveX controls", the current option is "Prompt". But you may not know that IE still has the privilege to download and execute programs without prompting. This is a serious security problem, and we may be completely controlled by others without knowing it.

How to avoid it

In the registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility, create a new key named after the CLSID of the "Active Setup controls" ({your B6015C}), and under that new key create a REG_DWORD value: Compatibility Flags = 0x00000400.
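The registry step above, scripted so it can be applied and audited. This is an added example, not code from the original page: the function names are hypothetical and the CLSID in the usage comment is a constructed placeholder, because the page's own CLSID is not legible.

```powershell
# Added example: set and audit the ActiveX "kill bit" (Compatibility Flags 0x400).
$KillBit = 0x00000400
$Bases = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads the WOW64 view of the same key.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath (Split-Path $_ -Parent) }

function Get-CompatFlags {
    param([string]$KeyPath)
    $p = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }          # key or value missing: no flags set
    return [int]$p.'Compatibility Flags'
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a braced CLSID: $Clsid"
    }
    foreach ($base in $Bases) {
        $key = Join-Path $base $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so any other compatibility flags already present survive.
        $flags = (Get-CompatFlags $key) -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $flags -Force | Out-Null
    }
}

function Get-KillBitStatus {
    # One row per CLSID listed under the key, in each registry view.
    foreach ($base in $Bases) {
        Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue | ForEach-Object {
            $flags = Get-CompatFlags $_.PSPath
            [pscustomobject]@{
                View    = $base
                Clsid   = $_.PSChildName
                Flags   = '0x{0:X8}' -f $flags
                Blocked = (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

# Usage from an elevated prompt (placeholder CLSID, constructed for illustration):
#   Set-KillBit '{00000000-0000-0000-0000-000000000000}'
#   Get-KillBitStatus | Where-Object { -not $_.Blocked }
```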

Stealth killer 5: illegal formatting of local hard disk

This type of code is very harmful. Your hard disk will be formatted as soon as you browse its web page.

This is not sensationalism. In fact, IE formatting the hard disk by executing ActiveX is not a new vulnerability. If you browse a web page containing such code, your local hard disk will be quickly formatted; moreover, because the window is minimized during formatting, you may not notice it at all.

How to avoid it

One way is to rename dangerous commands on the local machine, such as format.com and deltree.exe. There are not many cases where we really need to use these DOS commands in Windows, and many macro viruses or pieces of dangerous code call these DOS commands directly. For example, the famous Chinese macro virus "July killer" adds deltree c:/y to Autoexec.bat.
