Ask HN: How are large tech sites such as LivingSocial and Evernote hacked?
4 points by Anonymous176 on April 28, 2013 | 2 comments
Hi,

How are large tech sites such as LivingSocial, Zappos, LinkedIn and Evernote hacked?

I don't understand how these database tables are accessed. Surely it is not SQL Injection, as that should be a thing of the past with prepared statements. I cannot see how changing any session state would affect the application, as Unit Tests would have already picked this up, and I cannot imagine that hackers would easily be able to gain root access to the machines, which would be locked down with an SSH key.

I ask this because I manage a large database with fields (FirstName, Surname and DOB) and am wondering how safe this data is.

Thanks




In my experience it never, ever, ever, ever, ever has been that they didn't _know better_ but rather it was a time/money issue. Someone makes a page that needs to be used by two or three people only and doesn't bother to secure it because it is a quick and dirty project done that afternoon. The developer throws the project together and pushes it out.

Then 18 months later it is exploited :-/


You'd be surprised. There are sites out there with millions of users designed by amateur programmers. It really is as simple as SQL injection.
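The contrast between a string-built query and a prepared statement, which the question and the replies above turn on, shown as an added example that is not part of the thread. The column names come from the question; the `people` table, the sample rows, the function names and the probe strings are constructed for illustration, and the `audit` function is one way to turn the check into a regression test.

```python
import sqlite3

def make_db():
    # Constructed sample data; column names are the ones named in the question.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (FirstName TEXT, Surname TEXT, DOB TEXT)")
    db.executemany("INSERT INTO people VALUES (?, ?, ?)", [
        ("Ada", "Lovelace", "1815-12-10"),
        ("Alan", "Turing", "1912-06-23"),
        ("Grace", "Hopper", "1906-12-09"),
    ])
    return db

def lookup_concat(db, surname):
    # "Quick and dirty" version: input is pasted into the SQL text, so quote
    # characters in the input change the structure of the statement.
    sql = "SELECT FirstName, Surname, DOB FROM people WHERE Surname = '" + surname + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, surname):
    # Parameterized version: the value travels separately from the SQL text
    # and is only ever compared as data.
    sql = "SELECT FirstName, Surname, DOB FROM people WHERE Surname = ?"
    return db.execute(sql, (surname,)).fetchall()

def audit(db, lookup, probes):
    # Regression check: a lookup must return exactly the rows whose Surname
    # equals the probe string literally, and must not raise on any input.
    failures = []
    for p in probes:
        expected = sum(1 for (s,) in db.execute("SELECT Surname FROM people") if s == p)
        try:
            got = len(lookup(db, p))
        except sqlite3.Error:
            got = None  # the input broke the statement itself
        if got != expected:
            failures.append(p)
    return failures

# Constructed probes: a normal name, a legitimate name containing a quote,
# and a string whose quotes turn the WHERE clause into a tautology.
PROBES = ["Turing", "O'Brien", "x' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    print("concat failures:", audit(db, lookup_concat, PROBES))
    print("param failures: ", audit(db, lookup_param, PROBES))
```

The concatenated lookup passes a test that only tries ordinary names, which is why a suite without hostile or awkward inputs does not catch it.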



