Last month, Yahoo found itself so overly distracted with kicking out and hiring yet another CEO that it fell prey to an old school SQL injection attack. Security gurus reacted with scorn and dismay at Yahoo’s allowing 400,000 user names and passwords to be carried out the door then displayed on someone’s front lawn for all the world to see, like a yard sale with no buyers.
How could the company not be using a damp towel to wipe the egg from its face? It had fallen prey to a hacker trick so well documented that any online search for the phrase “prevent SQL injection” will cough up 600,000 results.
We can excuse Yahoo for not being the only household brand victim, thanks to SQL attacks on Sony, LinkedIn, even Lady Gaga and another 115 million web applications, according to data protection vendor Imperva.
Full article published in Wired.com/Cloudline: