Yahoo Team Closes Dangerous Flaw In Hotjobs Website

Technical teams at Yahoo Inc. have been extolled for their prompt and effective action in fixing a critical flaw in one of the company’s websites that could have left a large number of its visitors being afflicted with malware.

The company has successfully plugged a security hole in its online jobs portal "HotJobs", after security firm Imperva cautioned Yahoo of a severe SQL injection vulnerability last week.

Imperva identified the reported vulnerability when it found that the members of various online hacking forums were engaged in discussions on the mechanisms to exploit the flaw.

However, Yahoo showed incredible promptness in its action to fix the issue, as the security firm informed about it on Thursday morning last week, and within just four hours, by the evening on the same day the flaw had been addressed.

Although the hackers doesn’t appear to have exploited the flaw, the incident comes as an eye-opener for the web companies to stay geared up to examine codes thoroughly, and to be watchful and respond promptly in case vulnerabilities are disclosed, as Yahoo seems to have done.

Discussing about the swiftness Yahoo showed in handling the issue, the CTO at Imperva, Amichai Shulman, said: “I reported the incident, caught a flight to the US and by the time I landed I had a reply from them saying they had identified and fixed it”.

Our Comments

Kudos to Yahoo for intervening so rapidly and promptly. Security is a serious matter, especially when it involves your own partners and users. Earlier this year, Monster got embroiled in a hack where the criminals made off with details of more than 4.5 million users.

Related Links

Yahoo Careers website patched to close SQL flaw

(SC Magazine)

Yahoo site flaw uncovered

(V3.co.uk)

Yahoo praised for fixing website flaw

(Web User)

Yahoo blocks job site vulnerability after hackers take aim

(ComputerWeekly)

Yahoo! Defends Jobs Site Against SQL Injections

(eWeek Europe)