Re: Latest AP press release
[ QUOTE ]
I've read the first part, and am now waiting anxiously for the followup parts. Great work.
Your description of the backend software changes sound like they would not be widely known in the company or clear to all that they could be exploited as they were. Someone would have to be pretty familiar with the hands-on operation of the systems and savvy enough to code a way to exploit them, I'd think.
Was AJ Green capable of this? Was he intimately familiar with backend design changes on the system, and able to code a way to access and exploit them?
I'd guess no, so we're still waiting to see who wrote the exploit.
[/ QUOTE ]
This is possible, but if the hole card information was written to the database, an executive could possibly access it outside of the whole application server system. There are power tools to lookup tables in databases, tools which make it easy for executives to just point and click without ever writing an sql query string.
|