Three years after the United Nations' website was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities. Security researcher Robert Graham, CEO of Errata Security, did his now-annual checkup on the UN site and found that while the UN had removed the bug that was exploited in the August 2007 attack, the site is still rife with multiple SQL injection vulnerabilities. In the 2007 defacement, attackers replaced then-Secretary General Ban Ki-Moon's speeches with some of their own calling for "peace forever" and "no war." The attackers exploited a SQL injection bug. "In what's become a yearly blogpost, the UN still has not fixed the SQL injection problems that led to their website being hacked back in 2007," Graham blogged today. "For example, if you click on 'print this article', then use that URL instead, the SQL injection still works."

**Hidden Content: To see this hidden content your post count must be 1 or greater.**