Author Topic: Yahoo plugs hole that allowed hijacking of email accounts  (Read 413 times)

Corrine
Yahoo plugs hole that allowed hijacking of email accounts
« on: February 04, 2013, 08:40:32 PM »
It was just about a month ago that Yahoo finally rolled out HTTPS for Yahoo Mail, a security feature that other major e-mail providers have long been providing.

Yahoo has now plugged a hole that allowed hijacking of email accounts.  The hackers were using a piece of JavaScript code that was exploiting a cross-site scripting (XSS) vulnerability in the Yahoo Developer Network Blog site, resulting in stealing visitors' Yahoo session cookies.

The vulnerability was discovered by BitDefender who reported it to Yahoo.  Additional information about the vulnerability and how it worked is available at Yahoo plugs hole that allowed hijacking of email accounts.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.