Yahoo patches another hole in mail
Date: August 21, 2006Source: Scmagazine.com
The attackers gain access to the inboxes by sending emails containing malicious JavaScript code, according to tests conducted by Israeli security firm Avnet, which disclosed the flaw to Yahoo earlier this month.
Upon opening the malicious email, and without having to click on any links or attachments, users unknowingly send their cookies to the hacker's server. Hackers can then retrieve the cookie to gain access to the user's inbox, allowing them to send emails and steal passwords.
Yahoo fixed the flaw last week, and there have been no reported exploits, company spokesman Kelley Podboy said today in an e-mail.
Original article
Add comment
Email to a Friend
