The grey hat hacker collective TeamHav0k recently discovered a significant vulnerability in the popular genealogy Web site Ancestry.com.
"TeamHav0k published a small proof of concept that shows the existence of the vulnerability, along with some database tables to demonstrate that the cross-site scripting (XSS) and the SQL Injection issues they uncovered can be exploited by hackers who don’t have the most honorable intentions," writes Softpedia's Eduard Kovacs.
"It’s uncertain at this time if Ancestry.com's webmasters have been directly notified by the group regarding these vulnerabilities," Kovacs writes.
Go to "TeamHav0k Explains the Perils Behind the Flaws in Ancestry.com" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.