I think we can all agree that Yahoo has had an off decade (or so). Most recently, reports revealed that Yahoo’s security program was at best an honor system and at worst a giant fraud. This is only the latest major uh-oh in a string of them.

The crazy thing is that most breaches are the result of either not keeping up with patches or boneheaded programming errors that allow code injection, SQL injection, and cross-site scripting. This happens over and over and over again. Avoiding these problems is not hard: prompt patching, parameterized queries, output encoding, and QA that actually tests for these bugs would prevent most of them.
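To make the "boneheaded programming error" concrete, here is an added example (not code from the article or from Yahoo) showing the two bugs named above side by side with their fixes: a login query built by string formatting versus a parameterized one, and a greeting rendered with and without HTML escaping. The user table, credentials and injection payload are constructed for the demo; real code would of course store password hashes, not plaintext.

```python
import html
import sqlite3

# Constructed sample data for the demo (not from the article).
# Plaintext passwords are used only so the query results are easy to read.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def _db():
    """In-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """SQL built by string interpolation: attacker-controlled quotes become SQL."""
    q = f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(q).fetchone() is not None


def login_safe(conn, name, password):
    """Parameterized query: the driver binds the values, so quotes stay data."""
    q = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(q, (name, password)).fetchone() is not None


def render_greeting_vulnerable(name):
    """Reflects user input straight into HTML: classic reflected XSS."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name):
    """Escapes <, >, &, quotes before the value lands in HTML text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def demo():
    """Run both pairs against the same inputs and return the outcomes."""
    conn = _db()
    sqli_payload = "' OR '1'='1"        # turns the WHERE clause into ... OR '1'='1'
    xss_payload = "<script>alert(1)</script>"
    return {
        # Vulnerable login: wrong password plus payload still logs in as alice.
        "vuln_bypass": login_vulnerable(conn, "alice", sqli_payload),
        # Safe login: the payload is compared literally and does not match.
        "safe_bypass": login_safe(conn, "alice", sqli_payload),
        # Both still accept the real credentials.
        "vuln_legit": login_vulnerable(conn, "alice", "s3cret"),
        "safe_legit": login_safe(conn, "alice", "s3cret"),
        # Unescaped output ships the script tag to the browser; escaped does not.
        "xss_vuln": render_greeting_vulnerable(xss_payload),
        "xss_safe": render_greeting_safe(xss_payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point of running both pairs is that the fix costs nothing in functionality: the parameterized query and the escaped template accept the same legitimate input, they just refuse to let the input change the structure of the SQL or the HTML.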

But many organizations don’t do that. Instead, they move development to “low-cost countries” and treat attacks as a sort of rare, 100-year weather event they can’t avoid or afford to mitigate. Thus, it happens over and over again.

