Hours after Web analytics firm Netcraft (www.netcraft.com) announced a flaw on a Yahoo (www.yahoo.com) website used to steal users' authentication cookies to gain access to Yahoo accounts, such as Yahoo Mail, the company blocked entry to hackers.
In an email message to theWHIR Monday, Yahoo's HotJobs division stated that the cross-site scripting vulnerability found on Sunday was quickly fixed. "The team was made aware of this particular Cross-Site Scripting issue yesterday morning (Sunday, October 26) and a fix was deployed within a matter of hours," read the statement. "Yahoo appreciates Netcraft's assistance in identifying this issue."
Having assured customers that it has fixed this flaw, Yahoo also suggested further precautions for users worried about their account security. "As a safety precaution, we recommend users change their passwords, should they still be concerned. Users should always verify via their Sign-in Seal that they are giving their passwords to Yahoo.com."
"Sign-in Seal" is a secret message or image that users create to protect Yahoo users from phishing attacks. Users are shown the custom text or image when they are on a legitimate Yahoo page, making them quickly aware when they visit a fraudulent site.
The company has also created a website to continually educate users about online security (security.yahoo.com).
"Security is an industry-wide issue and one that Yahoo treats seriously," read Yahoo's statement. "Yahoo considers users' security as a priority and continues to take a hard look at how to effectively combat malicious behavior and protect its users."
No responsibility can be taken for the content of external Internet sites.
Return to hosting news headlines
View Hosting News Archive