Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Subscribers Warned Of Serious SQL Vulnerability on Rockyou.Com

Security company Imperva is alerting all users about a dangerous SQL injection vulnerability which is found affecting Rockyou.com, a website used to develop software for social networks.

Security specialists revealed that an SQL injection is a sort of malicious assault that involves insertion of malicious code into strings that are subsequently transmitted onto an SQL Server where they're parsed and executed. As a result, hackers could seize private information that could be shared on forums for hacking or sold at auctions, potentially resulting in identity theft.

Giving the details of the probable dangers of SQL injection attacks, Amichai Shulman, chief technology officer at Imperva, said that hackers could pull out a huge amount of private details of users with such an attack. They could then use those details to carry out fraud or launch more effective phishing attacks, eWeek published this on December 14, 2009.

In addition, Shulman further stated that most of the subscribers of Rockyou.com are making use of same information on this site as their regular e-mail service, reported Security Watch on December 14, 2009.

Like an estimate reveals, hackers using this attack technique could have accessed 32 Million combinations of usernames and passwords listed in the database of Rockyou.com. As by default the usernames and passwords here are same as that of the users' webmail accounts, like Gmail, Yahoo or Hotmail, this demonstrates that security is seriously lacking.

The security researchers further commented that the attack, thus, leads to concerns regarding the trend of online users to employ identical login details for a number of accounts. This is because an attacker can easily extract personal details from users' mailboxes. They can then freely commit identity theft or extract e-mail addresses from the contact lists of the users to distribute spam.

Hence, Shulman urged users to remain wise while doing Web-surfing, particularly while entering account credentials on software sites. Simultaneously, he reminded software owners that they have the duty to safeguard users' information that is provided to them.

He further said that users must be careful and reset the password for their e-mail accounts because their credentials might be at risk.

Related article: Subscribers of Batelco Internet Attacked by Phishing Scam

ยป SPAMfighter News - 23-12-2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next