Yahoo! Quick To Fix Security Flaw

Hours after Web analytics firm Netcraft announced a flaw on a Yahoo website that was being used to steal users' authentication cookies and gain access to Yahoo accounts, such as Yahoo Mail, the company blocked entry to hackers.

In an email message to theWHIR Monday, Yahoo's HotJobs division stated that the cross-site scripting vulnerability found on Sunday was quickly fixed. "The team was made aware of this particular Cross-Site Scripting issue yesterday morning (Sunday, October 26) and a fix was deployed within a matter of hours," read the statement. "Yahoo appreciates Netcraft's assistance in identifying this issue."

According to a Sunday post from Netcraft, "The attack exploits a cross-site scripting vulnerability on Yahoo's HotJobs site at, which currently allows the attacker to inject obfuscated JavaScript into the affected page. The script steals the authentication cookies that are sent for the domain and passes them to a different website in the United States, where the attacker is harvesting stolen authentication details."

Having assured customers that it has fixed this flaw, Yahoo also suggested further precautions for users worried about their account security. "As a safety precaution, we recommend users change their passwords, should they still be concerned. Users should always verify via their Sign-in Seal that they are giving their passwords to"

A "Sign-in Seal" is a secret message or image that a user creates as protection against phishing attacks. Users are shown their custom text or image when they are on a legitimate Yahoo page, so its absence quickly alerts them that they are on a fraudulent site.

The company has also created a website to continually educate users about online security.

"Security is an industry-wide issue and one that Yahoo treats seriously," read Yahoo's statement. "Yahoo considers users' security as a priority and continues to take a hard look at how to effectively combat malicious behavior and protect its users."
