Yahoo plugs the email hijacking hole


Good news for Yahoo email users: the hole has been patched. You may be wondering which hole Yahoo patched. Hackers took advantage of an XSS vulnerability and some specially crafted JavaScript to hijack email accounts. The user's session remained active on the sub-domains. The hackers took advantage of this weakness to plot the hijack.

The hackers sent bit.ly links, and clicking on a link took the user to a fake MSNBC page.

Root of the problem:-

The problem was an unpatched version of WordPress used by the Yahoo blog. WordPress had already fixed the issue, but Yahoo was still using the old version.
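The session scoping described above, where a session stays active across sub-domains and an outdated blog host shares that scope, can be checked from a site's own `Set-Cookie` headers. This is an added example, not code from Yahoo or Bitdefender; the host names and cookie values are constructed, and it assumes RFC 6265 domain matching.

```python
# Added example: which cookies would a browser send to a sibling sub-domain,
# and can script running there read them? Hosts and cookies are constructed.

def parse_set_cookie(header):
    """Return (cookie name, lower-cased attribute dict) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: host is the domain itself or a sub-domain of it."""
    cookie_domain = cookie_domain.lower().lstrip(".")
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def classify(header, issuing_host, other_host):
    """How exposed is this cookie to a page (or injected script) on other_host?"""
    name, attrs = parse_set_cookie(header)
    if attrs.get("domain"):
        in_scope = domain_matches(other_host, attrs["domain"])
    else:
        # No Domain attribute: host-only cookie, never sent to sibling hosts.
        in_scope = other_host.lower() == issuing_host.lower()
    if not in_scope:
        return "not sent"
    return "sent, HttpOnly" if "httponly" in attrs else "sent, script-readable"

# Constructed Set-Cookie headers, as issued by mail.example.test
SAMPLE_HEADERS = [
    "SESSION=abc123; Domain=example.test; Path=/; Secure",
    "SESSION=abc123; Domain=example.test; Path=/; Secure; HttpOnly",
    "SESSION=abc123; Path=/; Secure; HttpOnly",
]

def audit(headers, issuing_host="mail.example.test", other_host="blog.example.test"):
    return [classify(h, issuing_host, other_host) for h in headers]

if __name__ == "__main__":
    for header, verdict in zip(SAMPLE_HEADERS, audit(SAMPLE_HEADERS)):
        print(f"{verdict:22} {header}")
```

Only the host-only cookie stays off the blog host. `HttpOnly` stops script from reading the value, but the browser still attaches the cookie to requests for any host in its scope.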

Search and destroy:-

The problem was found by Bitdefender, the same group that develops the Bitdefender security tool. They found it in the company's spam database. Until Thursday, the exploit was still open. The Yahoo blog has confirmed that the blog has been patched and that Yahoo users are safe.

You can get the details about the exploit on Yahoo’s blog.
