CCAvenue hacked


Dinesh O'Bareja

May 6, 2011, 5:33:32 AM
to headstar...@googlegroups.com
Am sure there are a number of CC Avenue users here so please be informed that they were hacked. The CEO has also issued a statement... check out the links to know more...


rajan chandi

May 8, 2011, 2:02:48 AM
to dinesh...@gmail.com, headstar...@googlegroups.com
These guys are really behind in tech. I knew this would happen someday.
They're not yet supporting Ruby on Rails - which is surprising too!

Best
Rajan


Shashi Joshi

May 8, 2011, 2:44:30 AM
to dinesh...@gmail.com, headstar...@googlegroups.com
And the best part is -
"Payment gateway, CCAvenue it seems was hacked by hackers via exploiting SQL injection vulnerability."

This is a classic example of "Coding versus Programming".
The guys at CCAvenue, the dev team is full of great coders, with little idea of programming!

Any input from outside your safe zone (e.g. coming from the internet through a form) must be cleaned. And not by saying which are the bad characters to remove (which is not easier to define compared to ..), but by saying what characters are safe, e.g. A-Za-z0-9_- etc., and removing all that are not needed, so-called sanitizing the input.

Writing of code should always follow the long term, the 'what-is-right' approach as well. Not the mad rush always, nor the 'it-works, so why bother' approach. Especially if you are dealing with finances, and your reputation.

While coding is the energy and ability to do something, programming is the attitude, the approach to the how of the doing. With proper direction, a lot of energy is not of much use.

As startups, it would be even more important to take the right attitude, when giants like CCA can fall prey to silly mistakes of ignoring SQL injection!

Just a nostalgic bout from my years working with databases!

Thank you.
Shashikant Joshi
Author, ATTITUDE SHIFT - Sanskrit Maxims for Contemporary Life and Leadership
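
Added example (not part of the original thread and not CCAvenue's code): the allowlist check described in the post above, applied to an identifier field and paired with a parameterized query, next to the string-built query it replaces. The table, function names, sample rows and the length bound are assumptions made for illustration.

```python
import re
import sqlite3

# Allowlist quoted in the post: A-Za-z0-9_-  (the 1..32 length bound is an assumption)
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")

def make_db():
    """Constructed in-memory table standing in for a merchant store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE merchants (merchant_id TEXT PRIMARY KEY, contact TEXT)")
    db.executemany("INSERT INTO merchants VALUES (?, ?)",
                   [("shop_01", "A. Rao"), ("shop_02", "B. Shah")])
    return db

def lookup_concat(db, merchant_id):
    """Vulnerable form: the input becomes part of the SQL text."""
    sql = "SELECT merchant_id FROM merchants WHERE merchant_id = '%s'" % merchant_id
    return sorted(row[0] for row in db.execute(sql))

def lookup_safe(db, merchant_id):
    """Allowlist check first, then a bound parameter instead of string building."""
    # fullmatch() must consume the whole string, so a trailing newline also fails.
    if not isinstance(merchant_id, str) or SAFE_ID.fullmatch(merchant_id) is None:
        raise ValueError("merchant_id has characters outside the allowlist")
    cur = db.execute("SELECT merchant_id FROM merchants WHERE merchant_id = ?",
                     (merchant_id,))
    return sorted(row[0] for row in cur)

def set_contact(db, merchant_id, contact):
    """Free text (names with apostrophes) cannot be allowlisted to A-Za-z0-9_-;
    binding keeps it as data, so the quote never terminates a SQL string."""
    if SAFE_ID.fullmatch(merchant_id) is None:
        raise ValueError("merchant_id has characters outside the allowlist")
    db.execute("UPDATE merchants SET contact = ? WHERE merchant_id = ?",
               (contact, merchant_id))
    return db.execute("SELECT contact FROM merchants WHERE merchant_id = ?",
                      (merchant_id,)).fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"               # constructed input
    print(lookup_concat(db, hostile))       # every row comes back
    print(lookup_safe(db, "shop_01"))
    print(set_contact(db, "shop_02", "K. O'Brien"))
```
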




simran

May 8, 2011, 10:35:09 AM
to headstar...@googlegroups.com
For those that are into security - there is a brilliant group called null ( null.co.in ) and CCAvenue's hack has also been discussed there - https://groups.google.com/forum/#!topic/null-co-in/-J_TJBBpg9o
