Web site vulnerabilities

College Student Expelled After Bringing Web Vulnerability to School’s Attention

A Canadian college student was expelled after reporting a vulnerability in the school’s Web site that potentially exposed private data on more than 250,000 students.The high-achieving computer science major, Hamed Al-Khabaz and another student, Ovidiu Mija, in November were developing a mobile app using Omnivox Web portal software when they discovered “sloppy coding” that could lead to a major data breach. Ominvox is used at hundreds of Canadian campuses, including theirs at Montreal’s Dawson College.

Bug Hunter Finds ‘Blended Threat’ Targeting Yahoo Web Site

A Romanian bug hunter has discovered a “blended threat” targeting Yahoo’s Developer Network Web site that allows unauthorized access to Yahoo users’ emails and private profile data.At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQL console on developer.yahoo.com. Yahoo Query Language is the company’s proprietary programming language and used to test queries against Yahoo databases. Authenticated users also can access tables with their own Yahoo account data, such as e-mails and profile data, to mount queries.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.