CloudBleed Flaw - Just on character issue caused it?

Fact is stranger than Fiction



A tiny but serious bug poked a hole in this digital wall. One character—an instance of "==" that should have been ">="—made it possible for computers to skip over the dividing wall between two different people's data. This allowed users exploiting a certain technique to obtain a random chunk of a random person's otherwise private information

If you have doubts you can check if an website you access is affected with the following URL
https://cloudbleedcheck.com/

There are a few plugins to check you bookmark but, I am not sure how safe or authentic they are.



For More info:
http://www.popularmechanics.com/technology/security/a25380/cloudbleed-explained/

Interesting - SQL Truncation Attack

According to the article:-

The SQL Truncation vulnerability is a very interesting flaw in the database. The successful exploitation of this issue leads to user account compromise, as it means an attacker can access any users account with his own password. Sounds interesting!

First we will see why this issue occurs in the database. If the user input value is not validating for its length, then a truncation vulnerability can arise. If the MySQL is running in default mode, Administrator account as admin, the database column is limited to 20 characters.

The link below has a good example:-

http://resources.infosecinstitute.com/sql-truncation-attack

Xbox password flaw discovered - by a 5 year old

By entering an incorrect password in the first prompt and then filling the second field with spaces, a user can log in without knowing a password to an account


The link below has more information:-
http://www.bbc.co.uk/news/technology-26879185