Serious SQL flaw could have compromised millions of Rockyou.com users
Posted on 14 December 2009.
Imperva has issued a warning after finding a serious SQL injection flaw in Rockyou.com, a social networking application development web site.

The SQL injection flaw could have allowed attackers to access the 32 million entries of user names plus passwords in the Rockyou.com database. Since the user names and passwords are by default the same as those of the users' webmail accounts, such as Hotmail, Yahoo or Gmail, this is a major lapse in security.

An attacker can use these credentials to perform any of the following actions:

1. Extract private information from the inbox: credit card numbers, confidential business information, passwords to other applications such as a banking application, embarrassing pictures, etc.
2. Identity theft – the attacker can send mail to the victim's entire contact list on behalf of the victim.
3. Harvest the contact info for spam – if each account has 10 unique contacts then the spammer will have 300 million addresses to spam.

"We have notified the site operators of this problem, who reacted quickly and fixed the issue over the weekend. Unfortunately some accounts had already been compromised before the vulnerability was fixed. All users need to be cautious and ensure they change their email passwords as their credentials may have been put at risk," said Amichai Shulman, Imperva CTO.





