Yahoo! Jobsite Flaw Discovery Prevented Hackers Stealing Personal Information
Security firm Imperva has found an SQL injection flaw in Yahoo!'s jobs site. SQL injection is an attack in which harmful code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.
Soon after data security firm Imperva warned the search giant about the potential SQL injection flaw, the flaw in Yahoo's HotJobs site was effectively blocked.
Researchers discovered the vulnerability on the Yahoo jobs website after they had heard a conversation between hackers on an illicit forum website. The security company cautioned Yahoo on the morning of November 12, 2009, and by evening the vulnerability was repaired.
Although it does not appear that the hackers got past the planning stage, the case is a timely reminder of the need for web firms to vet code carefully, and to be cautious and ready to respond quickly when vulnerabilities are uncovered, as Yahoo seems to have done.
According to Imperva Chief Technology Officer Amichai Shulman, this is a vulnerability that indicates that the private details of several thousand people are hacked, as reported by eWEEK on November 16, 2009.
Shulman stated that data like this could be very useful for ID theft. This is precisely the kind of data traded on alleged carder forums. Depending on the details, it can be used for spam, ID theft or phishing, as reported by SC Magazine on November 16, 2009.
This recent finding points to a rising trend in the use of job sites to conduct ID theft. These websites make good targets for attackers, as they are full of private details related to an individual's professional capabilities and contact information.
The news comes after the sophisticated and premeditated assault on the Guardian newspaper's recruitment website in late October 2009. The attack led to the theft of half a million CVs. The Guardian did not disclose at that time how the attack was conducted, but Shulman says that it might be an SQL injection.
» SPAMfighter News - 25-11-2009