There’s a new paper out on SQL injection DoS attacks. Given the severity of the claims, I don’t see why this isn’t getting more coverage. The authors purport that almost any server with a SQL back-end and a search form is vulnerable. Essentially, they craft SQL queries that take an exorbitantly long amount of time to execute. When launching a small handful of them, you can actually make a database completely unresponsive. Although perhaps not as damaging as traditional SQL injection (most people would rather have their data unavailable rather than in the hands of an attacker), it appears to be much easier to execute, so it probably won’t be long before people start seeing this show up everywhere.

Internet griefers descended on an epilepsy support message board last weekend and used JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users.

The attackers turned to a more effective tactic on Sunday, injecting JavaScript into some posts that redirected users’ browsers to a page with a more complex image designed to trigger seizures in both photosensitive and pattern-sensitive epileptics.

Although I had never heard of a Griefer before, I find this activity remarkable in it’s crude indifference to other human beings. Even stealing money from people’s bank accounts makes more sense – at least there human greed can be used as a motive. In this instance, there is no possible benefit to the attacker from causing physical harm to anonymous epilepsy sufferers, and there can be no motive other than the most malicious and reprehensible form of Schadenfreude.