Yahoo! Mail service vulnerable to hacking
Old 08-31-2006, 03:37 AM Yahoo! Mail service vulnerable to hacking
novirus
Junior Talker

Posts: 3

Exclusive: Simple security vulnerability allows hackers to gain control over email boxes by sending malicious code. Yahoo: We are distributing a repair

Ehud Kenan
Published: 08.12.06, 19:44


A security vulnerability exposes Yahoo! Mail private mailboxes to hackers, Ynet has learned.


A test conducted by Nir Goldshlager and Roni Bahar from the Israeli security company Avnet shows hackers may gain access to Yahoo! Mail users' mailboxes by sending an email message with malicious code.


According to a test conducted by Ynet, and without disclosing the process, a new email account was opened. An email message was sent to that mailbox along with an html file with the malicious code, as an attachment.


Opening the tainted email on Internet Explorer undetectably sends the user's cookie to the hacker's server. The user is exposed to the vulnerability without having to download or open the html file.

Full access to users' mailboxes

At this point, the hacker can retrieve the cookie from the remote server, and gain full access to the user's mail box, with no time limit. The hacker may read and send emails from the mailbox.

The hacker cannot change the password from within the mailbox, since such an action requires entering the original password.

However, according to Goldshlager and Bahar, tools available online may be used to retrieve personal information from the cookie. The information may assist the hacker in using the password retrieval system, normally used by users who forgot their password. Alternatively, the hacker can exploit the vulnerability for phishing: by sending different malicious code, he can direct the user to enter his password in a site resembling Yahoo.

A user whose cookie was stolen may change his password, but it will still leave the hackers with access to parts of the mailbox, such as the user's calendar.

Yahoo's spokeswoman, Kelley Podboy, told Ynet: "Online security issues such as this bug are taken very seriously at Yahoo! We have developed a fix and are in the process of deploying it worldwide. Yahoo! Mail users will not be required to take any action to be protected from this exploit."


I hope it's useful to email users.

Here is the link to the article I posted: http://www.ynetnews.com/articles/0,7...290172,00.html




Last edited by novirus : 09-04-2006 at 03:49 AM.
Old 09-02-2006, 11:36 PM Re: Yahoo! Mail service vulnerable to hacking
DaveMo~
Administrator
Defies A Status

Posts: 10,209
Name: Dave
Location: Scott Depot, West Virginia, USA
If quoting a news service, you should post the link to the article.

Dave
Old 09-03-2006, 03:51 AM Re: Yahoo! Mail service vulnerable to hacking
chrishirst
Super Moderator

Posts: 13,665
Location: Blackpool. UK
http://www.ynetnews.com/articles/0,7...290172,00.html

Maybe the OP also should have pointed out that the exploit was fixed almost 3 weeks BEFORE this thread was even started.

Yahoo fixes Web mail bug | News.blog | CNET News.com


If you are going to be a news service at least try to keep up.