
Yahoo Team Closes Dangerous Flaw In HotJobs Website

Technical teams at Yahoo Inc. have been praised for their prompt and effective action in fixing a critical flaw in one of the company’s websites that could have left a large number of its visitors infected with malware.

The company has successfully plugged a security hole in its online jobs portal "HotJobs", after security firm Imperva warned Yahoo of a severe SQL injection vulnerability last week.

Imperva identified the vulnerability when it found members of various online hacking forums discussing ways to exploit the flaw.

However, Yahoo acted remarkably quickly to fix the issue: the security firm informed it of the flaw on Thursday morning last week, and within just four hours, by the evening of the same day, the flaw had been addressed.

Although the hackers don’t appear to have exploited the flaw, the incident comes as an eye-opener for web companies: they need to examine their code thoroughly, stay watchful, and respond promptly when vulnerabilities are disclosed, as Yahoo seems to have done.

Discussing the speed with which Yahoo handled the issue, Imperva's CTO, Amichai Shulman, said: “I reported the incident, caught a flight to the US and by the time I landed I had a reply from them saying they had identified and fixed it”.

Our Comments

Kudos to Yahoo for intervening so promptly. Security is a serious matter, especially when it involves your own partners and users. Earlier this year, Monster was embroiled in a hack in which criminals made off with the details of more than 4.5 million users.

Related Links

Yahoo Careers website patched to close SQL flaw (SC Magazine)

Yahoo site flaw uncovered (V3.co.uk)

Yahoo praised for fixing website flaw (Web User)

Yahoo blocks job site vulnerability after hackers take aim (ComputerWeekly)

Yahoo! Defends Jobs Site Against SQL Injections (eWeek Europe)

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.