Yahoo Tightens HotJobs After Hackers Hit
Page 1 of 1
In a move that could have saved thousands of potential victims of identity theft, Yahoo techs have fixed a flaw in the online news and advertising company's HotJobs Web site, one of the leading online job sites with thousands of subscribers.
The flaw, a cross-site scripting vulnerability, was discovered by Internet services company Netcraft, which notified Yahoo (NASDAQ: YHOO) about it on Sunday. Netcraft said it discovered a similar flaw on Yahoo's ychat.help.yahoo.com site earlier this year.
But that isn't necessary if someone wants to get unauthorized access to a Yahoo Mail account, as the hacking of vice presidential candidate Governor Sarah Palin's Yahoo Mail account showed.
In a statement e-mailed to InternetNews.com, Yahoo said the HotJobs site flaw was fixed within a matter of hours. Yahoo recommended that users change their Yahoo passwords just to be safe.
Yahoo keeps its eyes peeled
Yahoo spokesperson Emily Fox told InternetNews.com the company followed its existing procedures for defending its network from attack. The portal is constantly on the lookout to prevent this sort of thing from happening, she added.
That might entail auditing both the code and the applications, said Dave Marcus, McAfee's director of security research and communications. Any mistakes made during the examination may lead to the site being taken over by hackers and being used to distribute malware, he added.
"Security is an industry-wide issue and one that Yahoo treats seriously," the company said. "Yahoo considers users' security as a priority and continues to take a hard look at how to effectively combat malicious behavior and protect its users."