Log in

No account? Create an account
I am the person who will destroy China. (madman101) wrote,
I am the person who will destroy China.

i'm mainly posting this to show i'm not crazy

my main yahoo mail was hijacked - it think it was about this time last year

it stole my cookie boo hoo and FUCKED WITH ME - causing all sorts of major problems.  it stole my mail and server passwords and i don't know what else.

my yahoo weather still says i live in peurto rico or someplace

i ended up not being able to use my computer - and a seemingly endless process of trying to fix things, restore efficiency, and install effective security programmes followed, and it really only ended a month or so ago.  although i was able to use my mail again earlier than that.  i did end up finding a hidden trojan, etc.  but who knows - maybe i succeeded through no action of my own, but simply because yahoo plugged the security hole later last year!

Yahoo plugs Web mail security hole

Measures now in place to foil potential security breach posed by e-mail attachments

By Juan Carlos Perez, IDG News Service
August 16, 2006

Yahoo Inc. has fixed a security vulnerability in its Yahoo Mail service that could have allowed malicious hackers to hijack accounts and harm users in a variety of ways.

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Dell

Free IT resource

TechNet: More ways to know it, share it, and keep it running.

Sponsored by Microsoft


"We have developed a fix for this bug and have deployed it worldwide. Yahoo Mail users will not be required to take any action to be protected from this exploit," said Kelley Podboy, a Yahoo spokeswoman, via e-mail.

Nir Goldshlager and Roni Bachar from Avnet, a computer security company based in Israel, discovered the vulnerability in early August.

The problem was Yahoo Mail's handling of attachments. By creating an HTML attachment with different encoding schemes, one could have bypassed Yahoo Mail's security filter and executed malicious JavaScript code, Bachar said via e-mail.

The exploit allowed the JavaScript code to be executed as soon as a recipient opened the e-mail message, even if the recipient didn't open the attachment.

It was also possible to steal the recipient's Yahoo Mail cookie, hijack the session and gain access to the person's in-box. "This attack vector could be used to launch a variety of other more sophisticated attacks," Bachar wrote. These could include unleashing worms, installing keylogger programs, phishing and scanning ports on the PC.

After identifying the vulnerability, Bachar and Goldshlager immediately alerted Yahoo, so that the vendor could patch its system. Bachar isn't aware of any known exploits of the vulnerability.


  • Pelosi is a crazy person.

    I love how liberals like Naomi Wolf, Glenn Greenwald, Robert Kennedy Jr., (Bill Maher!), and Jonathan Turley are speaking up against the bullcrap.…

  • Wicker Park

    Well, I am just not into LJ these days. I have lots to write, but it just isn't happening, really. I am a little on edge, drawing out my stay…

  • dazed yet not confuzzled

    My LJ is etreeemly slow, right now. So, I'm not going to be around until that changes. I just wanted to mention: Do you know what is a really…

  • Post a new comment


    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded