Tom Olzak

Ease of use equals risk? Thanks, Yahoo.

In Application Security, Computers and Internet, Java on February 13, 2013 at 20:31

In Yahoo 5 Years Behind on Java Security – Yahoo! News, Ben Weitzenkorn summarizes a Brian Krebs article about Yahoo’s apparent disregard for unwitting users of the do-it-yourself website tool provided to the less HTML proficient on a budget. The vulnerable website development tool is SiteBuilder and the vulnerability is its use of Java 6.7 (old and full of security holes) for implementation.

I used SiteBuilder long ago for my website. It is a kludge that gets the unskilled designer to a simple design. It is limited and should be trashed. However, many small businesses have insufficient budget to hire a real developer; they rely on tools and promises supplied by companies like Yahoo. Apparently, Yahoo didn’t get the message about living up to the trust put into them by users who don’t know better.

It appears that Yahoo responded to Krebs’s original article. Brian writes,

Update, Feb. 13, 4:47 p.m. ET: Yahoo! finally got back to me, issuing the following spin-tastic statement: “Yahoo! Web Hosting websites can be built and maintained using a variety of tools that give businesses the flexibility to develop sites according to their needs and technical comfort. We will continue to work on delivering the best experiences for our customers.” When asked what readers should take from the above statement, a spokesperson for the company said Yahoo! had tweaked SiteBuilder so that it is now bundled with Java 6 Update 39, and that it will be updated to Java 7 by the end of the month. Hopefully, it won’t be Java 7 Update 1.

sigh…

 

 
