Oracle has been busy fixing security flaws again, only this time the flaw is not in Java itself but in Java.com. Java security fixes are about as routine as waking up and eating breakfast. A vulnerability in Java.com, on the other hand, is about as common as Iowans having breakfast at Tiffany’s with Donald Trump.
YGN, an ethical hacker group, discovered the Java.com flaw about a week ago. What they found is that Java.com was vulnerable to arbitrary (open) URL redirects: a link on the site could be made to send visitors to any address an attacker chose. Being an ethical hacker group, they immediately disclosed the issue to Oracle so repairs could begin as quickly as possible.
Oracle responded to YGN with a letter saying “Thank you for bringing this issue to our attention. We appreciate your note and wanted to let you know that we have fixed it.” Oracle did not, however, respond to queries from the press, who were increasingly curious about how Java.com became vulnerable in the first place, how the flaw was fixed, and particularly whether it had caused any serious, undisclosed damage.
While a URL redirection flaw may not seem serious to the lay user, this type of weakness can be exploited for large-scale phishing attacks, because the malicious link starts with a trusted domain. MITRE, which maintains the Common Weakness Enumeration (CWE), describes redirection flaws of this nature as follows:
“An http parameter may contain a URL value and could cause the Web application to redirect the request to the specified URL,” the CWE-601 definition states. “By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.”
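To make the CWE-601 pattern concrete, here is an added example (it is not code from the article, from Oracle, or from YGN) showing a redirect handler written the vulnerable way beside a hardened version. The parameter name `next`, the allow-listed hosts and the default landing page are all constructed for the illustration. The hardened version does more than check for a leading slash: it resolves the target against the site root, rejects non-HTTP schemes, user-info tricks such as `https://trusted@evil`, protocol-relative `//evil` and backslash variants, and then requires an exact match against an allowlist of hosts rather than a prefix match.

```python
from urllib.parse import urlsplit, urljoin

# Constructed allowlist for the example: the only hosts a redirect may land on.
ALLOWED_HOSTS = {"www.example.com", "login.example.com"}
# Constructed site root used to resolve relative targets.
SITE_ROOT = "https://www.example.com/"
# Where to send the user when the requested target is rejected.
DEFAULT_LANDING = "/account"


def vulnerable_redirect_target(params: dict) -> str:
    """The CWE-601 pattern: the 'next' parameter is trusted verbatim.

    Anything placed in 'next', including a third-party host, becomes the
    Location the user is sent to, so a link that begins with the trusted
    domain can end on an attacker-controlled one.
    """
    return params.get("next", DEFAULT_LANDING)


def safe_redirect_target(params: dict) -> str:
    """Return the redirect target only if it resolves to an allow-listed host."""
    raw = params.get("next", "")
    if not raw:
        return DEFAULT_LANDING

    # Browsers treat '\' as '/' in the authority section, so '/\evil' would be
    # read as '//evil'. Normalise before parsing so that case is classified
    # the same way the browser will read it.
    candidate = raw.replace("\\", "/")

    # Resolve relative paths against our own site root. A protocol-relative
    # '//evil.example' resolves to a different host and is caught below.
    resolved = urljoin(SITE_ROOT, candidate)
    parts = urlsplit(resolved)

    # Only plain web schemes; 'javascript:', 'data:' and friends are rejected.
    if parts.scheme not in ("http", "https"):
        return DEFAULT_LANDING

    # 'https://www.example.com@evil.example/' puts our name in the userinfo
    # field while the real host is evil.example. Refuse any userinfo at all.
    if parts.username or parts.password:
        return DEFAULT_LANDING

    # Exact host match. Prefix or substring checks would accept
    # 'www.example.com.evil.example'.
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return DEFAULT_LANDING

    return resolved


if __name__ == "__main__":
    # Constructed sample requests, covering the common bypass shapes.
    samples = [
        {"next": "/account/settings"},
        {"next": "https://evil.example/login"},
        {"next": "//evil.example/"},
        {"next": "/\\evil.example"},
        {"next": "javascript:alert(1)"},
        {"next": "https://www.example.com@evil.example/"},
        {"next": "https://www.example.com.evil.example/"},
    ]
    for p in samples:
        print(f"{p['next']!r:45} vulnerable -> {vulnerable_redirect_target(p)!r:45} safe -> {safe_redirect_target(p)!r}")
```

A stricter design that avoids parsing altogether is to keep the set of legitimate post-login destinations on the server and accept only an index or token into that set; the allowlist approach above is the minimum that closes the cases the CWE definition describes.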
YGN is widely regarded as a top ethical hacking group, having exposed and reported not only this Java.com flaw but flaws in several other sites, including McAfee.com.
Not all hackers are so ethical; in March, Oracle’s website MySQL.com was hit with a SQL injection attack that allowed the Romanian hackers known as “TinKode” and “NeOh” to post a list of usernames and passwords online. According to TeamShatter,
“This is one of the many breaches I’ve seen lately where usernames/passwords or email addresses have been compromised. Not only should members using this site make sure to reset their passwords immediately, many people still use the same passwords for additional sites including social networking and online shopping. It’s critical that users also reset their passwords for these sites as well if they were using the same password as MySQL.com… Many people utilize the MySQL.com site to manage their MySQL subscriptions, troubleshoot issues, etc. Those members’ usernames and passwords might also have been compromised in this attack.”