Yahoo praised for fixing website flaw

Yahoo has been praised for its quick response to a flaw in a Yahoo job site that could have left visitors vulnerable to infection.

Security firm Impervia warned Yahoo of the flaw, which could have been exploited by a method known as SQL injection.

However, Yahoo was able to deploy a fix within hours, meaning visitors are now protected from such attacks.

"This is why it's important to warn about potential SQL injection-hacked problems like this. If the potential problem is allowed to continue for any length of time, then the risk of a hacker attack rises as a result," said Amichai Shulman, Imperva's chief technology officer.

The attack involves placing infected code onto a web page that can then detect and steal any data entered by a visitor to the site.

The information stolen in SQL injection attacks is commonly shared on hackers' forums, where data that could allow criminals to steal identities or empty bank accounts is traded.


Great Christmas savings when you subscribe to Web User magazine. Order now and save up to 30%.