A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits.
The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page...........
_________________ I use Google Search on Puppy Forum
not an ideal solution though
Joined: 01 Dec 2011 Posts: 633 Location: Kamloops BC Canada
Posted: Mon 26 Nov 2012, 04:00 Post_subject:
Yahoo exploited read link
The thing is... there have been many vulnerabilities discovered involving cross-site scripting which have been fixed to date as explained here. So, I am thinking that this must be a new security risk that will have to be addressed. Unfortunately, it doesn't appear to be a "one size patch fixes all" kind of problem.
Monsie _________________ My username is pronounced: "mun-see". Derived from my surname, it was my nickname throughout high school.