Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 23 May 2013, 13:35
All times are UTC - 4

 Forum index » Off-Topic Area » Security
Yahoo exploited read link
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
nooby

Joined: 29 Jun 2008
Posts: 9389
Location: SwedenEurope
PostPosted: Sun 25 Nov 2012, 18:55    Post subject:  Yahoo exploited read link  
http://www.wilderssecurity.com/showthread.php?p=2148480#post2148480
http://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/

Quote:
A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits.

The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page...........

_________________

I'm a noob so I use Google Search of Puppy Forum
Back to top
View user's profile Send private message 
Barkin


Joined: 12 Aug 2011
Posts: 465
PostPosted: Mon 26 Nov 2012, 00:24    Post subject:  
Supposedly the NoScript addon for FireFox offers protection against XSS attacks ... http://noscript.net/features#xss
Back to top
View user's profile Send private message 
Monsie


Joined: 01 Dec 2011
Posts: 464
Location: Kamloops BC Canada
PostPosted: Mon 26 Nov 2012, 04:00    Post subject: Yahoo exploited read link  
The thing is... there have been many vulnerabilities discovered involving cross-site scripting which have been fixed to date as explained here. So, I am thinking that this must be a new security risk that will have to be addressed. Unfortunately, it doesn't appear to be a "one size patch fixes all" kind of problem.

Monsie
_________________
My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

[ Time: 0.0459s ][ Queries: 12 (0.0124s) ][ GZIP on ]