Results 1 to 3 of 3

Thread: Yahoo! Mail service vulnerable to hacking

  1. #1
    Junior Member Ace's Avatar
    Join Date
    Apr 2006
    Thanked 0 Times in 0 Posts

    Default Yahoo! Mail service vulnerable to hacking

    Hi everyone! Don't know if this is the right place to post this. Heads up:,7...290172,00.html

    Yahoo! Mail service vulnerable to hacking

    Exclusive: Simple security vulnerability allows hackers to gain control over email boxes by sending malicious code. Yahoo: We are distributing a repair
    Ehud Kenan

    A security vulnerability exposes Yahoo! Mail private mailboxes to hackers, Ynet has learned.

    A test conducted by Nir Goldshlager and Roni Bahar from the Israeli security company Avnet shows hackers may gain access to Yahoo!Mail users' mailboxes by sending an email message with a malicious code.

    According to a test conducted by Ynet, and without disclosing the process, a new email account was opened. An email message was sent to that mailbox along with an html file with the malicious code, as an attachment.

    Opening the tainted email on Internet Explorer undetectably sends the user's cookie to the hacker's server. The user is exposed to the vulnerability without having to download or open the html file.

    Full access to users' mailboxes

    At this point, the hacker can retrieve the cookie from the remote server, and gain full access to the user's mail box, with no time limit. The hacker may read and send emails from the mailbox.

    The hacker cannot change the password from within the mailbox, since such an action requires entering the original password.

    However, according to Goldshlager and Bahar, tools available online may be used to retrieve personal information from the cookie. The information may assist the hacker to use the password retrieval system, normally used by users who forgot their password. Alternatively, the hacker can exploit the vulnerability for performing phishing and by sending different malicious code, he can direct the user to enter his password in a site resembling Yahoo.

    A user whose cookie was stolen may change his password, but it will still leave the hackers with access to parts of the mailbox, such as user's calendar.

    Yahoo's spokeswoman, Kelley Podboy told Ynet: "Online security issues such as this bug are taken very seriously at Yahoo! We have developed a fix and are in the process of deploying it worldwide. Yahoo! Mail users will not be required to take any action to be protected from this exploit."

    Might be too late to hide your privy stuff. yahoo!

  2. #2
    Senior Member samizdat's Avatar
    Join Date
    Jun 2006
    Thanked 1 Time in 1 Post

    Default Re: Yahoo! Mail service vulnerable to hacking

    I thot this was old news. People have been sending emails from my yahoo mail for years. I even get some junk mai from fake me, and quite a bit from fake yahoo admin.

    canto XXV Dante

    from purgatory, the lustful... "open your breast to the truth which follows and know that as soon as the articulations in the brain are perfected in the embryo, the first Mover turns to it, happy...."
    Shema Israel

    To view links or images in signatures your post count must be 15 or greater. You currently have 0 posts.

  3. #3
    Forum General Brian Baldwin's Avatar
    Join Date
    Jul 2005
    Thanked 2 Times in 2 Posts

    Default Re: Yahoo! Mail service vulnerable to hacking

    I don't deal with Yahoo. To me they are as secure as AOL which means not at all. I feel badly for all those DSL customers that are forced to have Yahoo as their ISP. I've heard too many horror stories and fixed too many messes that come from them to believe that Yahoo even cares what happens to their customers once they have their money. Much like AOL.
    Brian Baldwin

    Yea though I walk through the valley of the shadow of death I shall fear no evil.... For I am the meanest S.O.B. in the valley.

    "A simple way to take measure of a country is to look at how many want in... And how many want out." - Tony Blair on America

    It is the soldier, not the reporter, who has given us freedom of the press.

    It is the soldier, not the poet, who has given us freedom of speech.

    It is the soldier, not the campus organizer, who has given us the freedom to demonstrate.

    It is the soldier who salutes the flag, who serves beneath the flag, and whose coffin is draped by the flag, who allows the protester to burn the flag.

    -Father Denis O'Brien of the United States Marine Corp.

    To view links or images in signatures your post count must be 15 or greater. You currently have 0 posts.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts