
Yahoo! Prevented Hackers Stealing Personal Information

Wed, Nov 25, 2009 | News

Security firm Imperva has found an SQL injection flaw in the Yahoo! jobs site. SQL injection is an attack in which harmful code is inserted into strings that are later passed to an instance of SQL server for parsing and execution.
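An added illustration of the definition above, not code from the article, Yahoo! or Imperva: the same lookup written with string concatenation and with a bound parameter. In-memory SQLite stands in for the SQL server, and the table, names, addresses and function names are constructed for the example.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a job site's applicant table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE applicants (id INTEGER PRIMARY KEY, owner TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO applicants (owner, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test"),
         ("carol", "carol@example.test"), ("o'brien", "obrien@example.test")],
    )
    return db

def lookup_concatenated(db, owner):
    # Weak form: the input becomes part of the SQL text, so the parser
    # cannot tell the developer's query from what the user typed.
    sql = "SELECT email FROM applicants WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, owner):
    # Hardened form: the SQL text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    sql = "SELECT email FROM applicants WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that contains SQL syntax
    for name in ("alice", crafted, "o'brien"):
        print(repr(name))
        try:
            print("  concatenated :", lookup_concatenated(db, name))
        except sqlite3.OperationalError as exc:
            # A legitimate name with an apostrophe breaks the weak form too.
            print("  concatenated : query failed:", exc)
        print("  parameterized:", lookup_parameterized(db, name))
```

With the crafted input the concatenated query returns every applicant's address, while the parameterized query returns nothing because no owner has that literal name.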

Soon after data security firm Imperva warned the search giant about the potential SQL injection flaw, the flaw in Yahoo’s HotJobs site was effectively blocked.

Researchers discovered the vulnerability on the Yahoo jobs website after they had heard a conversation between hackers on an unlawful forum website. The security company cautioned Yahoo on the morning of November 12, 2009, and by evening the vulnerability was repaired.

Although it does not appear that the hackers got past the planning stage, the case is a timely reminder of the need for web firms to vet code carefully, and to be cautious and ready to respond quickly when vulnerabilities are uncovered, as Yahoo seems to have done.

According to Imperva’s Chief Technology Officer, Amichai Shulman, this is a vulnerability that indicates that the private details of several thousand people are hacked, eWEEK reported on November 16, 2009.

Shulman stated that data like this could be very useful for ID theft. This is precisely the kind of data traded on alleged carder forums. Depending on the details, it can be used for spam, ID theft or phishing, SC Magazine reported on November 16, 2009.

This recent finding points to a rising trend in the use of job sites to conduct ID theft. These websites make good targets for attackers, as they are full of private details related to an individual’s professional capabilities and contact information.

The news comes after the sophisticated and premeditated assault on the Guardian newspaper’s recruitment website in late October 2009. The attack led to the theft of half a million CVs. The Guardian did not disclose at the time how the scam was conducted, but Shulman professes that it might be an SQL injection.

November 25, 2009
source: spamfighter.com

photo credit: Simon Stratford
