Today Yahoo fixed two serious security flaws in its popular e-mail system. Yahoo was alerted of these security problems towards the end of May and June. So why is it that Yahoo took such a long time to issue a solution?
Apparently Yahoo was able to fix the first security in a couple of days, while the other flaw took longer than expected. The first flaw allowed attackers to read a victim"s browser cookies. The second flaw allowed the appearance of some pages to be altered. These "cross-site scripting flaws" are a relatively common issue in web application security, but that doesn"t make them any less lethal. Unlike other flaws cross site scripting use server"s to attack client machines.
Cross site scripting flaws are really impressive (the way it uses a server to attack the client). By attacking the user this way tracking the one responsible becomes far more difficult. It"s good to see that Yahoo has taken the proper steps to protect its users, and the best part is Yahoo users don"t have to lift a finger. As all Yahoo had to do was fix its server code.