Egyptian hacker claims to find Yahoo flaws
The hacker, who calls himself 'Virus_Hima' says gained the respect of vendors now from previous security work
IDG News Service - A hacker in Egypt has released vague details of three vulnerabilities he claims to have found within Yahoo's website, the second time in two months he's found problems in the website of a major technology company.
The hacker, who calls himself "Virus_Hima," released screenshots that he alleged proves the problems he found, one of which allowed him to access a full backup of one of Yahoo's domains. The other two problems are a cross-site scripting vulnerability and a SQL injection vulnerability, according to a post on Pastebin.
He wrote that he held off releasing data gained by exploiting the Yahoo vulnerabilities since he said he's now gained the respect of vendors following his previous hacks of Adobe, Yahoo and others. Virus_Hima alerted IDG News Service to his latest work with Yahoo, but he did not immediately answer follow-up questions via email.
In November, Virus_Hima released a batch of more than 200 email addresses he obtained from a vulnerable database belonging to Adobe Systems. He only released email addresses ending in "adobe.com," ".mil" and ".gov." Other data released included the full names, titles, organizations, email addresses, usernames and encrypted passwords of users in a variety of U.S. government agencies.
Adobe subsequently shut down Connectusers.com, which is a community forum for users of its Connect Web conferencing service.
Virus_Hima wrote that after he published the Adobe data, the company soon contacted him and said the issue would be patched. He wrote that previously companies waited up to three to four months before resolving the issues.
The hacker also wrote that he was not the person selling a cross-site scripting vulnerability on a hacker forum for $700, which was covered by the Krebs on Security blog.
But Virus_Hima appears to be planning to take it easy for a while. "I'm not planning to do any more leaks soon." He also had a tip for software vendors: "Always be proactive, not reactive, in safeguarding your critical data."
Yahoo officials could not be immediately reached for comment.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts