Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo! XSS Flaw Endangers its Users

Posted by CowboyNeal on Thursday June 14, 2007 @07:16PM from the ever-vigilant dept.

Rarely Greys writes "A major Yahoo XSS flaw makes it possible to take over any Yahoo user's account, including their mail, instant messaging, photos, etc. This is not a rare occurrence. So why aren't web sites doing more to protect their users? It's looking like most web developers don't even know or care about XSS."

1 of 157 comments (clear)

Min score:

Reason:

Sort:

Not necessarily that they don't try. by Fireflymantis · 2007-06-14 19:46 · Score: 5, Interesting

As a web developer myself, I try dillagently to kill off any XSS attacks by writing good secure code, but there will always be a few corner cases in any non-trivial application that one does not count for. This is doubly so when dealing with web services that have to pump out huge amounts of data over an insecure medium.

What is most showing is how fast it will be till Yahoo fixes this vunerability as a sign of their metal.

imho...