eBay closes critical security holes

eBay closes critical security holes

The online auction house eBay has fixed two vulnerabilities in its US web site. One of the vulnerabilities was a critical SQL injection hole in the site's selling area that gave potential attackers unauthorised read and write access to one of the company's databases. SQL injection holes allow attackers to inject database commands by exploiting inadequately filtered HTTP parameters. The hole was discovered by security researcher David Vieira-Kurz, who confidentially reported the security issue to eBay. The researcher said that the company responded quite quickly and closed the hole after 20 days. Talking to The H's associates in Germany,

Who influenced this selection?What is this?

What the influencers are saying

  1. Sam Bowne

    178.0 days ago

    eBay closes critical security holes http://t.co/sKWFr4Tz

  2. Graham Cluley

    178.0 days ago

    eBay closes critical security holes http://t.co/O4qF81pv

  3. Steve Werby

    178.0 days ago

    RT @gcluley eBay closes critical security holes http://t.co/7aPRhC65 <= SQLi and XSS



, join the conversation

Related Reading

News

Most Popular

Commentary

On the Web

More On the Web»

Video

Slideshow



InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.