Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Yahoo fixes jobsite SQL injection flaw

Imperva : 17 November, 2009  (Technical Article)
Jobsite secured by Yahoo! after receiving a report from Imperva about vulnerability to Blind SQLi attacks
Imperva has reported to Yahoo! a potential SQL injection flaw - known as a Blind SQLi problem - on the Yahoo jobs site.

'This is a flaw that could mean that the personal information of large numbers of people are compromised,' Amichai Shulman, Imperva's chief technology officer said.

'Data like this can be extremely useful as far as identity thieves are concerned. This is exactly the sort of data that is traded on so-called carder forums,' he added.

According to Shulman, although illegal data exchanges are shut down on a regular basis, the scale of the Internet means that as one closes, another opens elsewhere on the Net.

It's a very difficult situation for the law enforcement authorities, as while every identity theft data can be harvested on the Internet from site hacks caused by SQL injection hacks, the forums will act as an auction/exchange for that data, he explained. Shulman is saying that some hackers are selling the fish - that is the stolen data itself, while others provide the fishing polls - the exploits that can be used to extract the information.

'This is why it's important to warn about potential SQL injection-hacked problems like this. If the potential problem is allowed to continue for any length of time, then the risk of a hacker attack rises as a result,' he said.

'SQL injection is a major thorn in the side for the Web site hosting community. It can be tackled with careful research and high levels of security. Unfortunately, some site operators overlook this simple fact at high risk,' he added.

Yahoo was contacted and has deployed a fix to resolve the problem.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo