Subscribers Warned Of Serious SQL Vulnerability on Rockyou.Com

Security company Imperva is alerting all users about a dangerous SQL injection vulnerability which is found affecting Rockyou.com, a website used to develop software for social networks.

Security specialists revealed that an SQL injection is a sort of malicious assault that involves insertion of malicious code into strings that are subsequently transmitted onto an SQL Server where they're parsed and executed. As a result, hackers could seize private information that could be shared on forums for hacking or sold at auctions, potentially resulting in identity theft.

Giving the details of the probable dangers of SQL injection attacks, Amichai Shulman, chief technology officer at Imperva, said that hackers could pull out a huge amount of private details of users with such an attack. They could then use those details to carry out fraud or launch more effective phishing attacks, eWeek published this on December 14, 2009.

In addition, Shulman further stated that most of the subscribers of Rockyou.com are making use of same information on this site as their regular e-mail service, reported Security Watch on December 14, 2009.

Like an estimate reveals, hackers using this attack technique could have accessed 32 Million combinations of usernames and passwords listed in the database of Rockyou.com. As by default the usernames and passwords here are same as that of the users' webmail accounts, like Gmail, Yahoo or Hotmail, this demonstrates that security is seriously lacking.

The security researchers further commented that the attack, thus, leads to concerns regarding the trend of online users to employ identical login details for a number of accounts. This is because an attacker can easily extract personal details from users' mailboxes. They can then freely commit identity theft or extract e-mail addresses from the contact lists of the users to distribute spam.

Hence, Shulman urged users to remain wise while doing Web-surfing, particularly while entering account credentials on software sites. Simultaneously, he reminded software owners that they have the duty to safeguard users' information that is provided to them.

He further said that users must be careful and reset the password for their e-mail accounts because their credentials might be at risk.

Related article: Subscribers of Batelco Internet Attacked by Phishing Scam

» SPAMfighter News - 23-12-2009

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial