Close Call for Yahoo! HotJobs

Reports have been surfacing over the past few weeks of a near miss for Yahoo! HotJobs, which caught a potential SQL injection vulnerability before hackers could infiltrate the job search engine.

eweekeurope.co.uk says data security specialist Imperva reported the potential flaw, known as a Blind SQLi problem, to Yahoo! before any damage was done. Imperva was tipped off when it saw members of hacking forums were discussing possible ways to exploit Yahoo! HotJobs.

Imperva’s chief technology officer, Amichai Shulman, explained the threat posed by this type of security problem on globalsecuritymag.com:

“This is a flaw that could mean that the personal information of large numbers of people are compromised. Data like this can be extremely useful as far as identity thieves are concerned. This is exactly the sort of data that is traded on so-called carder forums.

SQL injection is a major thorn in the side for the website hosting community. It can be tackled with careful research and high levels of security. Unfortunately, some site operators overlook this simple fact at high risk.”

UK news website guardian.co.uk was not so lucky, revealing in late October that its jobs portal had been the victim of a “sophisticated and deliberate hack”, which an Imperva spokesperson, quoted by thetechherald.com, said could have been due to SQL injection flaws.

Related posts:

1. Yahoo! HotJobs Yahoo! HotJobs is a US based job search engine. It is subscription based for advertisers, and lists international positions as well as jobs in the US....
2. Yahoo! Cost Cutting Pays Off Yahoo! Inc has registered a decrease in revenues for the third quarter of 2009 but profits have increased beyond expectations....
3. HotJobs Sales Exec Moves to jobthread.com US based job advertising provider jobthread.com has a new vice president of sales – Rod Garcia, a former senior sales executive at Yahoo! HotJobs. ...

Related posts brought to you by Yet Another Related Posts Plugin.