Late last month, Yahoo admitted that a hacker had substantially altered the content of a news story on its site. The hacker later said that he had amended as many as three other stories over the course of a month.
Yahoo was alerted to the attack by security consultancy SecurityFocus. SecurityFocus told Yahoo that the hacker wanted to highlight security weaknesses in the Yahoo system and was not targeting the site for malicious reasons.
Companies that rely on content management tools to alert them if text or images on their Web sites have been altered are being advised by experts to consider extra security provisions, to ensure that they do not fall victim to similar attacks.
Bryan Richter, vice president and general manager of business content management tools developer Stellent, said, "Firms need to better manage the content on their sites and how that content gets there. Many companies are still vulnerable to rogue information being published, either by malicious intent or by accident, and the risks they run can be enormous."
However, content management systems can help to limit the damage such attacks cause. Michael Puhala, content infrastructure strategist at Interwoven, said, "A good content infrastructure strategy separates content creation from Web production. As soon as a violation occurs to content on the live site, the original content can be redeployed to the Web server from the database or content repository."
