Flaw detected on Yahoo! website

By

Imperva points to jobs section.

An SQL injection flaw has been detected on the Yahoo! website.

Detected as a Blind SQLi problem, Imperva said that the vulnerabiliy was on the Yahoo job section, and could result in the information of large numbers of people being compromised.

Amichai Shulman, CTO at Imperva, said: “Data like this can be extremely useful as far as identity thieves are concerned. This is exactly the sort of data that is traded on so-called carder forums.”

Imperva claimed that forums are causing a problem for law enforcement, because when one forum is closed down another opens, and they act as an auction/exchange for a person's data.

Shulman said that some hackers are selling the ‘fish' - the stolen data - while others provide the ‘fishing polls' – the exploits that can be used to extract the information.

“This is why it's important to warn about potential SQL injection-hacked problems like this. If the potential problem is allowed to continue for any length of time, then the risk of a hacker attack rises as a result,” said Shulman.

“SQL injection is a major thorn in the side for the website hosting community. It can be tackled with careful research and high levels of security. Unfortunately, some site operators overlook this simple fact at high risk.”

See original article on scmagazineuk.com

Flaw detected on Yahoo! website
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
blindflawimpervainjectionjobssectionsecuritysqlsqliwebsiteyahoo

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?