Computer Crime Research Center

etc/8892.jpg

Yahoo patches another hole in mail

Date: August 21, 2006
Source: Scmagazine.com


Yahoo has fixed a vulnerability in its web mail service that, if exploited, could allow hackers access to users' mailboxes.

The attackers gain access to the inboxes by sending emails containing malicious JavaScript code, according to tests conducted by Israeli security firm Avnet, which disclosed the flaw to Yahoo earlier this month.

Upon opening the malicious email, and without having to click on any links or attachments, users unknowingly send their cookies to the hacker's server. Hackers can then retrieve the cookie to gain access to the user's inbox, allowing them to send emails and steal passwords.

Yahoo fixed the flaw last week, and there have been no reported exploits, company spokesman Kelley Podboy said today in an e-mail.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo