1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in today’s Internet world?
RFI stands for Remote File Inclusion that allows the attacker to upload a custom coded/malicious file on a website or server using a script. This vulnerability exploits the poor validation checks in websites and can eventually lead to code execution on server or code execution on website (XSS attack using javascript). RFI is a common vulnerability and all website hacking is not entirely focused on SQL injection. Using RFI you can deface the websites, get access to the server and do almost anything. What makes it more dangerous is that you only need to have your common sense and basic knowledge of PHP to execute this one, some BASH might come handy as most of servers today are hosted on Linux.
2. What country is the top host of SQL Injection and SQL Slammer infections? Why can’t the US Government do anything to prevent these injection attacks and infections?
The United States of America is at the top of the list when it comes to SQL Injections and SQL Slammer infections, China comes in second. Cybercriminals have made vast improvements to their infrastructure over the last few years. Its expansion is thousands of websites vulnerable to SQL Injections. Malicious code writers have exploited these vulnerabilities to distribute malware so quick that the government cannot contain such a large quantity. The infected web servers redirected unsuspecting visitors to malicious websites, then the victim’s computers were then subjected to client-side exploit code. Once infected, these computers were added to the thousands of bots under the control of hackers. The attackers knew antivirus companies would write updates and software vendors will patch their code so they made sure their malicious web sites were loaded with a variety of exploit codes.
3. What does it mean to have a policy of Nondisclosure in an