Yahoo Bounces Back From SQL Injection Flaw
By Doug Caverly
Staff Writer
Article Date: 2009-11-17
Jobseekers are perhaps some of the last people in the world who deserve to be bothered by malware; things are tough enough for the unemployed, particularly in this economy. Yahoo might deserve a round of applause, then, as the company fixed an SQL injection vulnerability affecting its HotJobs site.
It says quite a lot about SQL injections that a site owned by a huge technology company could be threatened by them. Consider that the site collects personal information from people, too, and so probably received a bit more attention from Yahoo's security experts than is usual.
What's more, it's not like HotJobs is some tiny experiment or a newly acquired property; Compete estimates that it received about 255,000 unique visitors in October, and Yahoo bought it in 2002 for about $436 million.
Then, if you want additional proof of SQL injection flaws' nastiness, the CTO of a security firm called Imperva (which in fact discovered the HotJobs vulnerability) also told Sophie Curtis, "In my opinion, SQL injections are the number one security threat to data applications."
Still, it didn't take long for Yahoo to take action - HotJobs was made safe within hours, not days or weeks - which should earn the company some points.
And this whole incident illustrates a way in which SQL users can make themselves useful. Looking for flaws could keep SQL fans safe in their current jobs, or at least speed up the process if it happens that a hunt for employment is already necessary.
About the Author:
Doug is a staff writer for WebProNews. Visit WebProNews for the latest eBusiness news.