?

Log in

No account? Create an account
avril 2019   01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
* - galaxy

i'm mainly posting this to show i'm not crazy

Posted on 2007.05.01 at 20:34
my main yahoo mail was hijacked - it think it was about this time last year

it stole my cookie boo hoo and FUCKED WITH ME - causing all sorts of major problems.  it stole my mail and server passwords and i don't know what else.

my yahoo weather still says i live in peurto rico or someplace

i ended up not being able to use my computer - and a seemingly endless process of trying to fix things, restore efficiency, and install effective security programmes followed, and it really only ended a month or so ago.  although i was able to use my mail again earlier than that.  i did end up finding a hidden trojan, etc.  but who knows - maybe i succeeded through no action of my own, but simply because yahoo plugged the security hole later last year!

Yahoo plugs Web mail security hole

Measures now in place to foil potential security breach posed by e-mail attachments

By Juan Carlos Perez, IDG News Service
August 16, 2006
 
 

Yahoo Inc. has fixed a security vulnerability in its Yahoo Mail service that could have allowed malicious hackers to hijack accounts and harm users in a variety of ways.

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Dell

Free IT resource

TechNet: More ways to know it, share it, and keep it running.

Sponsored by Microsoft

 

"We have developed a fix for this bug and have deployed it worldwide. Yahoo Mail users will not be required to take any action to be protected from this exploit," said Kelley Podboy, a Yahoo spokeswoman, via e-mail.

Nir Goldshlager and Roni Bachar from Avnet, a computer security company based in Israel, discovered the vulnerability in early August.

The problem was Yahoo Mail's handling of attachments. By creating an HTML attachment with different encoding schemes, one could have bypassed Yahoo Mail's security filter and executed malicious JavaScript code, Bachar said via e-mail.

The exploit allowed the JavaScript code to be executed as soon as a recipient opened the e-mail message, even if the recipient didn't open the attachment.

It was also possible to steal the recipient's Yahoo Mail cookie, hijack the session and gain access to the person's in-box. "This attack vector could be used to launch a variety of other more sophisticated attacks," Bachar wrote. These could include unleashing worms, installing keylogger programs, phishing and scanning ports on the PC.

After identifying the vulnerability, Bachar and Goldshlager immediately alerted Yahoo, so that the vendor could patch its system. Bachar isn't aware of any known exploits of the vulnerability.


Comments:


★  Ashlee ★
umbreons_shadow at 2007-05-02 12:04 (UTC) (Lien)
Ew @ yahoo. =\

Wait. It took them A WHOLE year to fix it?
where hypotheses come to die
madman101 at 2007-05-02 21:36 (UTC) (Lien)
well maybe

but it might have taken me a long time to recover - just because of the damage done
Previous Entry  Next Entry