
SQL injection attacks remain one of the top ways
hackers steal personal information from websites like Yahoo Careers,
says security firm Imperva.
"That is despite the fact that this form of attack has been
around for 10 years and can be easily avoided," said Amichai
Shulman, chief technology officer at Imperva.
Hackers do not create vulnerabilities, they merely exploit
vulnerabilities that are put in the coding of applications used by
websites to process information, he said.
Late last week, Imperva researchers warned Yahoo that the
vulnerability of its job site was under discussion in hacker forums
it monitors routinely for research purposes.
"Some members of the forum were discussing the vulnerability and
how it might be exploited to access information on the website's
database," said Shulman.
Yahoo responded within hours to block the vulnerability, which
is easily done by using more secure code for handling data in the
web application, he said.
In this case, the hackers were offering only a means of
accessing the database, said Shulman, without any evidence that the
site's database had been compromised.
But, he said, this flaw can be used to steal thousands of
personal details, which are routinely offered for sale on
cybercrime forums.
Earlier this year, similar vulnerabilities were exposed at the
Guardian job site and a partner site of the
Telegraph Media Group.