An SQL injection flaw has been detected on the Yahoo! website.

Imperva said that the vulnerability, detected as a Blind SQLi problem, was on the Yahoo job section and could result in the information of large numbers of people being compromised.

Amichai Shulman, CTO at Imperva, said: “Data like this can be extremely useful as far as identity thieves are concerned. This is exactly the sort of data that is traded on so-called carder forums.”

Imperva claimed that forums are causing a problem for law enforcement, because when one forum is closed down another opens, and they act as an auction/exchange for a person's data.

Shulman said that some hackers are selling the ‘fish’, the stolen data, while others provide the ‘fishing poles’, the exploits that can be used to extract the information.

“This is why it's important to warn about potential SQL injection-hacked problems like this. If the potential problem is allowed to continue for any length of time, then the risk of a hacker attack rises as a result,” said Shulman.

“SQL injection is a major thorn in the side for the website hosting community. It can be tackled with careful research and high levels of security. Unfortunately, some site operators overlook this simple fact at high risk.”

See original article on scmagazineuk.com