Saturday March 20, 2010 3:02 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"im not receiving my emails can send but cant receive.was fine last night this morning not working"
on Hotmail log-in problems cause user panic
by r reid | Mar 19, 2010 2:24 AM
 
"hmm... the article sounds very good but isn't his last point spamcop? don't we already have ..."
on Wardriving cop warns of hackers in waiting
by anon | Mar 18, 2010 2:35 PM
 
"The claim listed above that NetRegistry CEO Larry Bloch said - and I quote "giving over your ..."
on Hackers attempt to dupe NetRegistry customers
by Joe Baptista | Mar 18, 2010 12:39 PM
 
"yes a survey of 24000 who actually understand the issue rather than a survey of 24000 semi-tech-i..."
on Internet censorship not a vote-changer
by Ash | Mar 18, 2010 12:19 AM
 
"Have the EFA produced the definitive and clear quote yet where Conroy calls his critics ..."
on Conroy brands EFA anti-filter campaign a disgrace
by Mazza | Mar 17, 2010 5:41 PM
Web

Flaw detected on Yahoo! website

  • Email a Friend
  • Print Page
Flaw detected on Yahoo! website
Related Articles
By Dan Raywood
Nov 17, 2009 10:46 AM
Tags: Imperva | flaw | Yahoo | jobs | section | website | SQL | injection | Blind | SQLi
Imperva points to jobs section.

An SQL injection flaw has been detected on the Yahoo! website.

Detected as a Blind SQLi problem, Imperva said that the vulnerabiliy was on the Yahoo job section, and could result in the information of large numbers of people being compromised.

Amichai Shulman, CTO at Imperva, said: “Data like this can be extremely useful as far as identity thieves are concerned. This is exactly the sort of data that is traded on so-called carder forums.”

Imperva claimed that forums are causing a problem for law enforcement, because when one forum is closed down another opens, and they act as an auction/exchange for a person's data.

Shulman said that some hackers are selling the ‘fish' - the stolen data - while others provide the ‘fishing polls' – the exploits that can be used to extract the information.

“This is why it's important to warn about potential SQL injection-hacked problems like this. If the potential problem is allowed to continue for any length of time, then the risk of a hacker attack rises as a result,” said Shulman.

“SQL injection is a major thorn in the side for the website hosting community. It can be tackled with careful research and high levels of security. Unfortunately, some site operators overlook this simple fact at high risk.”

See original article on scmagazineuk.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
adobe browser explorer firefox fix flash flaw google hack ie internet microsoft mozilla patches player security software vulnerability website windows