The Sun. Totally hackable. (Flickr/DBduoPhotography)

On the heels of Secretary of Defense Leon Panetta scaring the crap out of everyone regarding cyberattacks, SophosLabs' NakedSecurity blog linked to a Homeland Security alert which warns that hackers could take control of solar energy plants.

Plant administrators use the vulnerable software to control energy-generating solar plants. However the programming wasn't written with security in mind; it's a swiss cheese of SQL injection holes:

According to information released by the researchers Robert Paleari and Ivan Speziale, the Sinapsi eSolar product contains a number of critical security vulnerabilities that make the devices easily exploitable by remote attackers, who could gain administrative privileges and run arbitrary commands and code on vulnerable eSolar devices.

Those security holes include a slew of SQL injection vulnerabilities in webpages included with the device firmware. Among other things, the researchers found they could exploit SQL injection holes in the web based management interface to access the underlying MySQL database, gaining access to usernames and passwords for the device.

Coders turned the stupid up a notch by storing passwords in plaintext.

Sinapsi, the company that makes the software, has known about the problems for months but never responded to the researchers who discovered it, so those researchers made their findings public a few days ago.

Attackers who took over vulnerable systems could control facilities around the world, including several in California and Arizona.

As far as we know, the sun itself still sports ironclad encryption.

Yahoo! (Getty)

That was fast. In mid-July hackers calling themselves "the D33Ds Company" gave Yahoo a spanking for lax security by posting the login information of some of the 453,000 mostly unpaid bloggers working for Yahoo and Associated Content's contributor network. Less than a month later, we've got the first class-action lawsuit related to the breach.

New Hampshire resident Jeff Allan is the named plaintiff in the case. In papers filed July 31 in a U.S. District Court in Northern California, attorneys detailed how Mr. Allan discovered his information was compromised:

Within days of the breach, Mr. Allan received an alert of account fraud on his eBay account, which used the same login credentials as disclosed in the Yahoo breach. Mr. Allan does not know what other information the hackers and others have gathered about
him.

The lawsuit also quotes IT security expert Jason Rhykerd. Addressing the SQL injection hack that grabbed the info from Yahoo's database, Mr. Rhykerd said the "amount of network traffic this attack would have generated should of (sic) set off the lightest of [intrusion detection system] rules."

The suit's "Prayer for relief" indicates Mr. Allan is seeking unspecified damages for himself and anyone else affected by Yahoo!'s "negligence."

Between this suit and the exodus of high-ranking staffers, new CEO Marissa Mayer may well be offering up some prayers of her own.