YAHOO has been a little under the weather this week, as Netcraft exposed a vulnerability on its site leaving users' account details open to attack.
Unfortunately for Yahoo, Netcraft wasn’t the only one who noticed this – the HotJobs section of the site was being used to transmit stolen details, sent to a remote hacker in the US.
This hacker was happily gathering Yahoo users’ account details, enabling access to Yahoo Mail. The user doesn’t even need to type in their user name and password for the hacker to accomplish this; visiting the malicious URLs on yahoo.com can be enough.
The attack exploits a cross-site scripting vulnerability which allows the attacker to inject obfuscated JavaScript into the affected page.
The script steals the authentication cookies that are sent for the yahoo.com domain and passes them to a different website in the US which the hacker is using to gather this information.
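Why a flaw in one section exposes cookies for the whole domain, and how the HttpOnly attribute takes them out of a script's reach, is shown in the following added example (not code from the article, Netcraft or Yahoo). The hostnames under example.com and the cookie names are constructed placeholders; Path and Secure matching are ignored and all pages are assumed to be HTTPS.

```javascript
// Constructed sample Set-Cookie headers; names and values are illustrative only.
const SAMPLE_SET_COOKIE = [
  "session=abc123; Domain=example.com; Path=/",                 // domain-wide, script-readable
  "auth=def456; Domain=example.com; Path=/; Secure; HttpOnly",  // domain-wide, hidden from script
  "prefs=dark; Path=/",                                         // host-only: no Domain attribute
];

// Parse one Set-Cookie header into its name and the attributes that matter here.
// setByHost is the host that issued the header (used for host-only cookies).
function parseSetCookie(header, setByHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), domain: setByHost, hostOnly: true, httpOnly: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    if (k === "domain" && value) {
      // A Domain attribute widens the cookie to that domain and all its subdomains.
      cookie.domain = value.trim().replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    } else if (k === "httponly") {
      cookie.httpOnly = true;
    }
  }
  return cookie;
}

// True when the browser would attach this cookie to requests for pageHost.
function domainMatches(cookie, pageHost) {
  const host = pageHost.toLowerCase();
  if (cookie.hostOnly) return host === cookie.domain;
  return host === cookie.domain || host.endsWith("." + cookie.domain);
}

// Names of cookies that script running on pageHost could read via document.cookie.
function scriptReadableCookies(headers, setByHost, pageHost) {
  return headers
    .map((h) => parseSetCookie(h, setByHost))
    .filter((c) => domainMatches(c, pageHost) && !c.httpOnly)
    .map((c) => c.name);
}

// Cookies issued by the login host, viewed from a page on a sibling subdomain.
console.log(scriptReadableCookies(SAMPLE_SET_COOKIE, "login.example.com", "jobs.example.com"));
```

Running the same audit over a site's real Set-Cookie headers lists every cookie that an injected script on any subdomain could read.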
Netcraft has informed Yahoo of this attack, although at the time of writing, the HotJobs vulnerability and the attacker's cookie harvesting script are both still present.
Yahoo said that it is thankful to Netcraft for pointing this vulnerability out, and that the problem is in hand, although it does advise users to change their passwords. µ
L'Inq
Netcraft
That this crap continues to happen to these so-called 'cloud' based services.
Why in the hell do people continue to flock towards online services like that? Every single one of these players has had some kind of embarrassing user-detail leak, stolen passwords etc. etc. etc.

And 'enterprises' are supposed to use and trust these asshats? What a little buzzword can't do for your failing business models... 

This is why I just rent a coloc box now that runs my entire digital life... Sheesh...