Egyptian hacker claims to find Yahoo flaws
The hacker, who calls himself 'Virus_Hima' says gained the respect of vendors now from previous security work
IDG News Service - A hacker in Egypt has released vague details of three vulnerabilities he claims to have found within Yahoo's website, the second time in two months he's found problems in the website of a major technology company.
The hacker, who calls himself "Virus_Hima," released screenshots that he alleged proves the problems he found, one of which allowed him to access a full backup of one of Yahoo's domains. The other two problems are a cross-site scripting vulnerability and a SQL injection vulnerability, according to a post on Pastebin.
He wrote that he held off releasing data gained by exploiting the Yahoo vulnerabilities since he said he's now gained the respect of vendors following his previous hacks of Adobe, Yahoo and others. Virus_Hima alerted IDG News Service to his latest work with Yahoo, but he did not immediately answer follow-up questions via email.
In November, Virus_Hima released a batch of more than 200 email addresses he obtained from a vulnerable database belonging to Adobe Systems. He only released email addresses ending in "adobe.com," ".mil" and ".gov." Other data released included the full names, titles, organizations, email addresses, usernames and encrypted passwords of users in a variety of U.S. government agencies.
Adobe subsequently shut down Connectusers.com, which is a community forum for users of its Connect Web conferencing service.
Virus_Hima wrote that after he published the Adobe data, the company soon contacted him and said the issue would be patched. He wrote that previously companies waited up to three to four months before resolving the issues.
The hacker also wrote that he was not the person selling a cross-site scripting vulnerability on a hacker forum for $700, which was covered by the Krebs on Security blog.
But Virus_Hima appears to be planning to take it easy for a while. "I'm not planning to do any more leaks soon." He also had a tip for software vendors: "Always be proactive, not reactive, in safeguarding your critical data."
Yahoo officials could not be immediately reached for comment.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Data on the Move = Business on the Move; How Strategic Secure Managed File Transfer Adds Value and Drives Business This whitepaper describes the formal and informal file-sharing methods business employees use to perform their daily functions and explains that, from sending small...
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Supercharge Your Web and Mobile App Development with High-Productivity Hybrid Cloud Webinar: Hear from industry experts about the amazing power at the intersection of next-generation web and mobile application development and cloud platforms.
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Internet White Papers | Webcasts