Assuming you’re a bit of a geek, how did you amuse yourself over your Christmas vacation?
We can imagine a number of ways.
- You hacked the controller chip in the fairy lights at your Gran’s house so they spelled out a rude message. (Then ended up genuinely surprised when your family didn’t fall for your “Why does everyone always blame me?” act.)
- You went to a rave with one of those crowd-sourced playlist sessions where the partygoers choose the music from their phones as the night unfolds, and ran a man-in-the-middle attack to pull off a series of audio rickrolls. (Then ended up genuinely surprised when your friends didn’t fall for your “Why does everyone always blame me?” act.)
- You wrote a script to leave a voicemail on every extension at a nearby Army base asking the recipient to “Please call Colonel Sanders,” giving the number of a local KFC. (Then ended up genuinely surprised when your court-appointed lawyer didn’t fall for your “Why does everyone always blame me?” act.)
- You decided to stick to your New Year’s resolution to get fit by going for a ride on your bicycle, but you couldn’t remember how to boot it up.
Or perhaps you spent your Christmas break registering a brand new UK Private Limited Company with the princely startup capital of One British Pound?
One man did just that, and as ungeeky as it sounds, we’d like to salute one of the UK’s newest company directors:
Samuel Thomas Pizzey, Esq. 1 Moyes Cottages Bentley Hall Road Capel St. Mary Ipswich Suffolk United Kingdom IP9 2JL
Mr Pizzey describes himself as a software developer, is 28 years old, gives the nature of his business as Information technology consultancy activities and he’s the proud Owner, Director and Person With Significant Control of:
; DROP TABLE "COMPANIES";-- LTD
We can’t wait to visit his website…
…but we’re definitely going to use Lynx as our browser.
In case you’re wondering, Samuel’s company name is a kind of techie pun referencing a hacking trick called SQL injection, where you sneakily bury a SQL command inside a database search term. Search engines that blindly trust the input you give them may end up running the embedded command instead of searching for it – and the command DROP TABLE is SQL’s way of saying DELETE ALL THE DATA. If you’d like to know more about how SQL injection works, please read our explanation, an annotated article written in plain but purposeful English.
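The difference between trusting the input and binding it as data, as an added example that is not part of the original article. It uses Python's built-in sqlite3 module with the company name above as the search term. The table layout, the sample row and all function names are hypothetical, and executescript() stands in for a database driver that permits several statements in one call.

```python
import sqlite3

# The registered company name from the article, treated as untrusted input.
COMPANY_NAME = '; DROP TABLE "COMPANIES";-- LTD'

def new_db():
    """Constructed in-memory registry holding one made-up sample row."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "COMPANIES" (number INTEGER PRIMARY KEY, name TEXT)')
    db.execute('INSERT INTO "COMPANIES" (name) VALUES (?)', ("EXAMPLE WIDGETS LTD",))
    return db

def table_exists(db):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='COMPANIES'"
    ).fetchone()
    return row is not None

def search_unsafe(db, term):
    """Hypothetical lookup that pastes the term straight into the SQL text.
    The name contains no quote character, so it only takes effect where the
    input lands outside a string literal, as in this numeric comparison."""
    sql = 'SELECT name FROM "COMPANIES" WHERE number = 1' + term
    db.executescript(sql)  # assumption: driver allows stacked statements

def register_safe(db, name):
    """Bound parameter: the name travels as data, never as SQL text."""
    db.execute('INSERT INTO "COMPANIES" (name) VALUES (?)', (name,))

def search_safe(db, term):
    cur = db.execute('SELECT name FROM "COMPANIES" WHERE name = ?', (term,))
    return [r[0] for r in cur.fetchall()]

def demo():
    unsafe_db = new_db()
    search_unsafe(unsafe_db, COMPANY_NAME)   # embedded DROP TABLE runs
    safe_db = new_db()
    register_safe(safe_db, COMPANY_NAME)     # stored as an ordinary string
    found = search_safe(safe_db, COMPANY_NAME)
    return table_exists(unsafe_db), table_exists(safe_db), found

if __name__ == "__main__":
    print(demo())
```

With the parameterised calls the name is registered and found again like any other company, and the table survives.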
Andrew Ludgate
He needs to hire Bobby Tables…
http://xkcd.com/327/
Lars M. Hansen
“drop table” is not the same as “delete the whole database”. It’s delete one table. If you only have one table, use Excel …
Paul Ducklin
A colleague made that same point to me and for clarity we came up with DELETE ALL THE DATA as a good enough plain-speaking equivalent.
Browser
Seems a good compromise to me. People who know about this stuff will understand it just fine, but so will people who read these articles out of interest that doesn’t stem from professional involvement in a related industry.
Paul Ducklin
Thanks. There’s a link in this “Friday Humour” style piece to a more serious look we wrote recently (about a Russian hack against a US public service body), where we explain how this sort of SQL injection works…
…and including a copy of the famous XKCD “Little Bobby Tables” cartoon :-)
Anonymous
Perhaps this was not a legitimate registration at all and he was aiming to bring down Companies House?
irrelevantdotcom
I wonder if he is irritated about all those websites scraping companieshouse.gov.uk and then selling the information …
Graeme John DUCKWORTH
If the database was properly designed, the table would be called COMPANY, not COMPANIES
Paul Ducklin
I think it’s meant to be a sort of visual pun on the fact that the public service body that handles company registrations in the UK is called “COMPANIES House”, being the place where the TABLE listing all the COMPANIES is stored at the bottom of a LOCKED CABINET in a DISUSED LAVATORY in the CELLAR behind a sign saying BEWARE OF THE LEOPARD. (Some of those details may be imaginary.)
Anonymous
Can I can the company name “Select *” ?