Author

Topic: Yahoo Flaw Allowed Hackers to Read Anyone's Emails (Read 232 times)

legendary
Activity: 2026
Merit: 1034
Fill Your Barrel with Bitcoins!
Just another reason why your personal information and data is never safe online or in a cloud. Even the largest companies are vulnerable.
legendary
Activity: 1049
Merit: 1006


Yahoo Flaw Allowed Hackers to Read Anyone's Emails

http://thehackernews.com/2016/12/hack-yahoo-email.html

<< Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox.

Jouko Pynnönen, a Finnish Security researcher from security firm Klikki Oy, reported a DOM based persistent XSS (Cross-Site Scripting) in Yahoo mail, which if exploited, allows an attacker to send emails embedded with malicious code. In his blog post published today, the researcher demonstrated how a malicious attacker could have sent the victim's inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures.

Since the malicious code is in the message's body, the code will get executed as soon as the victim opens the boobytrapped email and its hidden payload script will covertly submit victim's inbox content to an external website controlled by the attacker. >>
Jump to: