::Trend Micro Threat Resource Center::


09 March 2016

Surprise! Microsoft announces SQL Server on Linux

Microsoft has surprised the industry by announcing plans to bring SQL Server to Linux, a move that would accelerate the overall adoption of SQL Server.


“We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017,” wrote Scott Guthrie, Executive Vice President, Cloud and Enterprise Group, Microsoft, in a blog.

Guthrie notes that SQL Server on Linux will provide customers with even more flexibility in their data solution.

“This is an enormously important decision for Microsoft, allowing it to offer its well-known and trusted database to an expanded set of customers,” said Al Gillen, group vice president, enterprise infrastructure, at IDC. “By taking this key product to Linux Microsoft is proving its commitment to being a cross platform solution provider. This gives customers choice and reduces the concerns for lock-in. We would expect this will also accelerate the overall adoption of SQL Server.”

“We believe our customers will welcome this news and are happy to see Microsoft further increasing its investment in Linux,” said Paul Cormier, President, Products and Technologies, Red Hat.  “As we build upon our deep hybrid cloud partnership, spanning not only Linux, but also middleware, and PaaS, we’re excited to now extend that collaboration to SQL Server on Red Hat Enterprise Linux, bringing enterprise customers increased database choice.”

“We are delighted to be working with Microsoft as it brings SQL Server to Linux,” said Mark Shuttleworth, founder of Canonical. “Customers are already taking advantage of Azure Data Lake services on Ubuntu, and now developers will be able to build modern applications that utilize SQL Server’s enterprise capabilities.”

The private preview of SQL Server on Linux is available already.

SQL Server 2016
Meanwhile, CEO Satya Nadella and other senior Microsoft leaders recently showcased Microsoft SQL Server 2016, the next release of the company’s flagship business analytics and data management platform, which will be generally available later this year.

Microsoft says SQL Server 2016 supports hybrid transactional/analytical processing, advanced analytics and machine learning, mobile BI, data integration, always encrypted query processing capabilities and in-memory transactions with persistence.

The new release’s security encryption capabilities enable data to always be encrypted at rest, in motion and in-memory to deliver maximum security protection. It also offers in-memory database support for every workload, with performance increases of up to 30-100x.

SQL Server 2016 also offers business intelligence for every employee on every device – including new mobile BI support for iOS, Android and Windows Phone devices.

Advanced analytics using Microsoft’s new R support enables customers to do real-time predictive analytics on both operational and analytic data.

Microsoft also says that SQL Server 2016 is available on Linux in private preview, making SQL Server 2016 more accessible to a broader set of users.

Easy Migration
Microsoft also announced a new program to help more businesses move to SQL Server 2016. Businesses currently running applications or workloads on non-Microsoft paid commercial RDBMS platforms will be able to offset the costs of licensing, migration planning and training when moving to SQL Server 2016.  They will also be able to migrate their applications to SQL Server without having to purchase SQL Server licenses.

19 January 2016

Attackers use SQL injections to manipulate search engine rankings


Akamai Technologies, Inc. has issued a new Web security threat advisory from the company’s Threat Research Division. Threat Research has identified a sophisticated search engine optimization (SEO) campaign that uses SQL injections to attack targeted websites.

Affected websites will distribute hidden Hypertext Markup Language (HTML) links that confuse search engine bots and erroneously impact page rankings.

Over the course of a two-week period in Q3 2015, Threat Research analyzed data gathered from the Akamai Intelligent Platform and observed attacks on more than 3,800 websites and 348 unique IP addresses participating in the various campaigns, revealing the following key findings:

  • Evidence of mass defacement – when searching the Internet for the HTML links that were used as part of this campaign, Threat Research identified hundreds of web applications containing these malicious links.
  • Attacks manipulated search engine results – when searching for a combination of common words such as “cheat” and “story”, it was apparent that the “cheating stories” application appeared on the first page of the leading search engines.
  • Analytics showcased impact of attacks – Threat Research looked at Alexa analytics, and the ranking of the “cheating stories” application dramatically increased during the three-month span.

Search engines use specific algorithms to determine page rankings and indexing for sites on the web, and the number and reputation of links that redirect to the web application influence these rankings. The SEO attackers created a chain of external links that direct to stories of cheating and infidelity on the web to mimic normal web content and impact search engine algorithms.

“The ability to manipulate page rankings is an enticing proposition and business for attackers,” said Stuart Scholly, Senior Vice President and General Manager, Security Business Unit, Akamai. “If successful, attacks can impact revenue and, most importantly, the reputation of many organizations and companies using the Internet.”

Mitigation
Attacks in the campaign have demonstrated a unique understanding of search engine operations, and accordingly, Threat Research recommends the following defense techniques:

  • For Web Application Developers
    • Ensure that you have implemented proper input validation checks for all user-supplied data that will be used within a back-end database query. Reference: https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
    • Only use prepared statements with parameterized queries when constructing SQL queries based on user-supplied data. Reference: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

  • For Web Application Defenders
    • Deploy a Web Application Firewall (WAF) that is configured in a blocking mode for SQL Injection attacks.
    • Consider profiling and monitoring the HTML response body format to help identify if there are significant changes such as an increase in the number of web links.
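
The response-body profiling recommended for defenders above, as an added example (not code from the Akamai advisory or from this post): it counts the links in a page, records external hosts linked from inside inline-hidden elements, and compares the result with a known-good baseline. The host names, the 1.5x growth threshold and both sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline styles that hide content from visitors while leaving it visible to crawlers.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

class LinkProfiler(HTMLParser):
    """Counts <a href> links and tracks external hosts linked from hidden markup."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.stack = []  # one flag per open element: is it, or an ancestor, hidden?
        self.total, self.external, self.hidden_external = 0, set(), set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = self.stack[-1] if self.stack else False
        hidden = inherited or bool(HIDDEN.search(a.get("style") or ""))
        if tag == "a" and a.get("href"):
            self.total += 1
            host = urlparse(a["href"]).hostname  # None for relative links
            if host and host != self.site_host:
                self.external.add(host)
                if hidden:
                    self.hidden_external.add(host)
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        # Assumes reasonably balanced markup; badly nested HTML blurs the hidden flag.
        if tag not in VOID and self.stack:
            self.stack.pop()

def profile(html, site_host):
    p = LinkProfiler(site_host)
    p.feed(html)
    return p

def compare(baseline, current, max_growth=1.5):
    """Return findings when the link profile drifts from the baseline."""
    findings = []
    if current.total > max(baseline.total, 1) * max_growth:
        findings.append(f"link count {baseline.total} -> {current.total}")
    new_hidden = current.hidden_external - baseline.hidden_external
    if new_hidden:
        findings.append("new hidden external links: " + ", ".join(sorted(new_hidden)))
    return findings

# Constructed sample pages: a clean baseline and the same page with hidden links added.
BASELINE = '<html><body><a href="/about">About</a><a href="https://partner.example/">P</a></body></html>'
INJECTED = BASELINE.replace("</body>", '<div style="display:none"><a href="http://stories.invalid/a">x</a>'
    '<a href="http://stories.invalid/b">y</a><a href="http://other.invalid/">z</a></div></body>')
```

Run `compare(profile(BASELINE, host), profile(INJECTED, host))` on a schedule against stored baselines; links hidden through external CSS or script are outside what this inline-style check sees.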

22 May 2015

Pacnet's corporate IT network breached, warns Telstra

Telstra has advised Pacnet customers, staff and regulators in relevant jurisdictions of a security breach that allowed third party access to Pacnet’s corporate IT network.

The breach occurred prior to Telstra taking ownership of Pacnet and Telstra was made aware of the breach on finalization of the purchase on 16 April 2015.


Group Executive of Global Enterprise Services Brendon Riley said Telstra had taken immediate action to protect the security of the network once it was informed of the breach.

“Our investigation found a third party had attained access to Pacnet’s corporate IT network, including email and other administrative systems, through a SQL vulnerability that enabled malicious software to be uploaded to the network,” Riley said.

“To protect against further activity we rectified the security vulnerabilities that allowed the unauthorized access. We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks.

“Now we have addressed the breach and understand its potential impacts we are in the process of advising our Pacnet customers worldwide of what occurred and reassuring them that we are now applying the same high level of security we apply to Telstra’s networks.”

The Pacnet corporate IT network is not connected to Telstra and there has been no evidence of any activity on Telstra’s networks.

Riley said there had been no contact from the perpetrators nor did Telstra know the reason for the breach.

“Our focus is not on attribution. Our focus is working with our customers to understand and minimize the impact to them and to give them confidence that we will apply Telstra’s very high security standards to the Pacnet IT network,” Riley said.

“Protecting the information of our customers and people is critically important to Telstra. We make significant investments in security capabilities and work around the clock globally to keep our customers’ data safe and our networks secure.”

11 June 2010

Mass SQL injection attack compromises IIS/ASP sites

Thousands of websites and who knows how many visitors were affected by the recently discovered mass SQL injection attack that targeted - among others - The Wall Street Journal and The Jerusalem Post websites.

Sucuri Security spotted the attack on many websites and Googled the http://ww.robint.us/u.js web address to which the script was pointing, and according to the results, some 114,000 different pages contained it.

Further investigation into the matter revealed the common denominator: all sites are hosted on IIS servers and use ASP.NET. By sifting through the logs and the packet dump of the attack, they also discovered that the attack was launched against a third-party ad management script.

When a user visits a compromised site, the malicious code will attempt to redirect him to a site where malware is waiting to be installed on his machine and allow the criminals behind this attack remote access to it.

Mary Landesman, security researcher with Cisco, claims that only around 7,000 pages are infected (she searched the entire script through Google, not just the web address it points to). She also points out that when it comes to larger websites, only certain pages on the websites are infected, which - she admits - might not mean much to affected users.

13 February 2009

Romanian Hacker Breaches Third Security Vendor Site

The hacker who broke through the Website defenses of two prominent security vendors earlier this week has claimed a third victim. F-Secure joins Kaspersky and BitDefender as a victim of an SQL injection attack.

According to a posting on hackersblog.com, the Romanian attacker who launched SQL injection attacks on Kaspersky and BitDefender has now successfully penetrated the Web defenses of F-Secure, as well.

The attacker, however, did not publish any sensitive data even though he could have gained access to it, Kaspersky said.


11 February 2009

Microsoft plugs eight security holes

Microsoft published four patches on Tuesday to close serious vulnerabilities in its Internet Explorer browser, Exchange e-mail server and Microsoft SQL server.
