The term "SQL injection" sounds pretty scary -- kind of medical, painful, maybe even lethal. And it can be, for websites that fall victim to it. It involves tricking a site into forming a rogue SQL command that prompts a database to deliver its contents right into the hands of the attacker. If it's successful, a hacker can gain access to a ton of sensitive information.
Monday 16 July 2012
Yahoo Stuck Without SQL Injection Antidote
Posted on 00:07 by Maria Scott
The bright side of SQL injection is that it's not exactly cutting edge. It's something security pros have seen time and time again, and they've developed a whole set of precautions and best practices websites can follow in order to protect themselves.
Unfortunately, Yahoo apparently wasn't in the habit of following those guidelines.
The company recently confirmed that nearly half a million unencrypted email addresses, complete with passwords, had been leaked into the hands of hackers by way of Yahoo's Voice website. The hackers then posted the information publicly as a sort of shame-on-you directed at Yahoo.
Security gurus were quick to jump down the company's throat for its poor hygiene. SQL injection is not some mystical, esoteric act of cybersorcery that nobody fully understands. It may not be literally the oldest trick in the book, but it's old and well-known enough that Yahoo is getting pummeled for falling for it.
Obviously, Yahoo users should change their passwords ASAP. As with any email and password leak, it's not just your email that's at risk -- if you use the same combo for any other site, that account's security has been compromised too.
Subscribe to:
Post Comments (Atom)
No Response to "Yahoo Stuck Without SQL Injection Antidote"
Leave A Reply