Yahoo Stuck Without SQL Injection Antidote

An SQL injection hackers access to hundreds of thousands of Yahoo users' email addresses and passwords, were promptly posted on the Web. Security wonks Yahoo through the wringer for it, saying SQL injection defense should be of any decent set of security measures. , the FTC swatted Google, Amazon smartphone rumors bubbled , and RIM took an angry crowd of shareholders.

The term "SQL injection" sounds pretty scary -- of medical, painful, maybe even lethal. And it can be, for websites that fall to it. It involves tricking a site forming a rogue SQL command that prompts a database to deliver its contents right into the of the attacker. If it's successful, a hacker can access to a ton of sensitive information.

The side of SQL injection is that it's not exactly cutting . It's something security pros have seen time and again, and they've developed a set of precautions and best practices websites can follow in to protect themselves.

Unfortunately, Yahoo apparently wasn't in the of following those guidelines.

The company recently confirmed nearly half a million unencrypted email addresses, complete passwords, had been into the hands of hackers by of Yahoo's Voice website. The hackers then posted the information publicly as a sort of shame--you directed Yahoo.

Security gurus were quick to jump the company's throat its poor hygiene. SQL injection is not some mystical, esoteric act of cybersorcery that nobody understands. It may not be literally the trick in the book, but it's old and well- enough that Yahoo is getting pummeled for falling it.

Obviously, Yahoo users should change passwords ASAP. As with any email and password , it's not just your email that's risk -- if you use the same combo any other site, that account's security has been compromised .

FTC Polishes Its Paddle

The U.S. Federal Trade Commission is ready to bend Google over its and give it a $22.5 million spanking the search company's apparent habit of violating the privacy of people use Apple's Safari Web browser.

Although it's the biggest fine levied by the FTC, that $22.5 million paddling is unlikely to cause Google real and direct financial pain. To stretch the analogy past its breaking point: Everything about Google is big, even its end, and the FTC's tiny little hands won't raise so as a welt.

But if the fine itself doesn't hurt, it's not exactly a mark of pride Google to be called out in a way. It's now the holder of a pretty notorious record, for a company so often suspected playing fast and loose with privacy, always while wearing that "don't be evil" halo it crowned itself .

For the FTC, getting Google to settle for is by the commission's standards an enormous fine is a big win its reputation. Critics of the commission have needling it for years for what they claim is a soft stance consumer privacy. And they'll probably keep saying that, but at least the FTC can counter that it showed its that one time. And companies tempted to disregard user privacy might sit and take notice, especially if their pockets aren't nearly deep as Google's.

So what did Google do to get itself into this in the first place? According to privacy watchdog groups, it circumventing certain settings in Apple's Safari browser insert cookies in users' machines permission. Google claimed it was all a big mistake, that they never meant to do . But that argument apparently didn't score many points the FTC. And given the post-Google Buzz consent agreement the company signed the commission that allowed for fines of up to $16,000 per violation day, perhaps Google decided it would be smart to cap it at $22.5 million while it still the chance.


Adapted and abridged from: technewsworld.com, July 14, 2012.