Subscribers Warned Of Serious SQL Vulnerability on Rockyou.Com
Security company Imperva is alerting all users about a dangerous SQL injection vulnerability which is found affecting Rockyou.com, a website used to develop software for social networks.
Security specialists revealed that an SQL injection is a sort of malicious assault that involves insertion of malicious code into strings that are subsequently transmitted onto an SQL Server where they're parsed and executed. As a result, hackers could seize private information that could be shared on forums for hacking or sold at auctions, potentially resulting in identity theft.
Giving the details of the probable dangers of SQL injection attacks, Amichai Shulman, chief technology officer at Imperva, said that hackers could pull out a huge amount of private details of users with such an attack. They could then use those details to carry out fraud or launch more effective phishing attacks, eWeek published this on December 14, 2009.
In addition, Shulman further stated that most of the subscribers of Rockyou.com are making use of same information on this site as their regular e-mail service, reported Security Watch on December 14, 2009.
Like an estimate reveals, hackers using this attack technique could have accessed 32 Million combinations of usernames and passwords listed in the database of Rockyou.com. As by default the usernames and passwords here are same as that of the users' webmail accounts, like Gmail, Yahoo or Hotmail, this demonstrates that security is seriously lacking.
The security researchers further commented that the attack, thus, leads to concerns regarding the trend of online users to employ identical login details for a number of accounts. This is because an attacker can easily extract personal details from users' mailboxes. They can then freely commit identity theft or extract e-mail addresses from the contact lists of the users to distribute spam.
Hence, Shulman urged users to remain wise while doing Web-surfing, particularly while entering account credentials on software sites. Simultaneously, he reminded software owners that they have the duty to safeguard users' information that is provided to them.
He further said that users must be careful and reset the password for their e-mail accounts because their credentials might be at risk.
Related article: Subscribers of Batelco Internet Attacked by Phishing Scam
» SPAMfighter News - 23-12-2009