SQL Injection Attack: What is it, and how to prevent it. The way that Yahoo! was hacked, SQL Injection attack, is the same method as many other hacks in the news recently: SQL Injection.

Put simply, SQL injection is a technique in which the attacker uses a vulnerability in the code to send malicious SQL statements to a database.

SQL injection will take a new turn later this month at Black Hat Europe, when a security researcher shows how to take control of a database server using the technique.

An SQL attack typically occurs through a consumer facing software application, where hackers exploit coding holes and then insert malicious code inside the database itself.

Unsurprisingly enough, it turns out that Google isn't actually using its Web crawlers to perform SQL injection attacks on other people's sites. Unknown, and presumably malicious, third parties are.

Web sites across China and Taiwan are being hit by a mass SQL injection attack that has implanted malware in thousands of Web sites, according to a security company in Taiwan.

Security researchers say a massive SQL injection has compromised more than 1.5 million URLs.

Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases ...