Yahoo blocks job site vulnerability after hackers take aim


Yahoo blocks job site vulnerability after hackers take aim

Warwick Ashford

SQL injection attacks remain one of the top ways hackers steal personal information from websites like Yahoo Careers, says security firm Imperva.

"That is despite the fact that this form of attack has been around for 10 years and can be easily avoided," said Amichai Shulman, chief technology officer at Imperva.

Hackers do not create vulnerabilities, they merely exploit vulnerabilities that are put in the coding of applications used by websites to process information, he said.

Late last week, Imperva researchers warned Yahoo that the vulnerability of its job site was under discussion in hacker forums it monitors routinely for research purposes.

"Some members of the forum were discussing the vulnerability and how it might be exploited to access information on the website's database," said Shulman.

Yahoo responded within hours to block the vulnerability, which is easily done by using more secure code for handling data in the web application, he said.

In this case, the hackers were offering only a means of accessing the database, said Shulman, without any evidence that the site's database had been compromised.

But, he said this flaw can be used to steal thousands of personal details, which is routinely offered for sale on cybercrime forums.

Earlier this year, similar vulnerabilities were exposed at the Guardian job site and a partner site of the Telegraph Media Group.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy