[Boatanchors] Yahoo Email Problems

J. Forster jfor at quikus.com
Thu Jan 31 14:08:32 EST 2013


In addition to the PW theft I posted about yesterday, there seems to be
another issue with Yahoo webmail accounts. It works like this:

Yahoo user logs into their webmail account. Yahoo sets a Cookie, allowing
user to return to that account without another login.

User is done with email, and goes off to surf or clicks some link, and
winds up at a malicious site. That site downloads the Yahoo-set Cookie.

User goes off and does other things.

Malware site uses the Yahoo Cookie to log into the user's account and
Yahoo grants full access- the malicious user has the correct cookie after
all. Once in, the malware can spam email the user's entire Address Book,
read the user's email, or anything else. The malicious user has full
access.

See:

http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/

The solution to this attack is to not click any links or go surfing
anywhere, while logged into your Yahoo account. I know it's a PITA, but
blame the hackers and spammers.

FWIW,

-John

======================
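
Added example, not part of the original post: a minimal server-side session check showing why a copied cookie is accepted as described above, and how a service can limit that by dropping sessions on logout, expiring idle ones, and tying each session to the client that logged in. The `SessionStore` class, the User-Agent plus IP fingerprint, and the sample addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Hypothetical server-side session table (constructed for this example)."""

    def __init__(self, idle_timeout=900):
        self.idle_timeout = idle_timeout  # seconds of inactivity allowed
        self.sessions = {}  # cookie token -> {"user", "client", "last_seen"}

    @staticmethod
    def _client_id(user_agent, ip):
        # Assumed fingerprint: User-Agent plus IP. Coarse, and roaming users
        # must log in again, but a cookie replayed from elsewhere is refused.
        return hashlib.sha256(f"{user_agent}|{ip}".encode()).hexdigest()

    def login(self, user, user_agent, ip, now=None):
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        seen = time.time() if now is None else now
        self.sessions[token] = {"user": user, "last_seen": seen,
                                "client": self._client_id(user_agent, ip)}
        return token

    def logout(self, token):
        self.sessions.pop(token, None)  # the cookie is worthless afterwards

    def check(self, token, user_agent, ip, now=None):
        now = time.time() if now is None else now
        s = self.sessions.get(token)
        if s is None:
            return "rejected: unknown or logged-out session"
        if now - s["last_seen"] > self.idle_timeout:
            del self.sessions[token]
            return "rejected: idle timeout"
        if not hmac.compare_digest(s["client"], self._client_id(user_agent, ip)):
            del self.sessions[token]  # kill the session, force a fresh login
            return "rejected: client changed, re-login required"
        s["last_seen"] = now
        return "ok: " + s["user"]


def demo():
    store = SessionStore()
    cookie = store.login("user@example.com", "Firefox/18", "198.51.100.7", now=1000)
    return [store.check(cookie, "Firefox/18", "198.51.100.7", now=1100),  # owner
            store.check(cookie, "curl/7", "203.0.113.9", now=1200),  # copied cookie
            store.check(cookie, "Firefox/18", "198.51.100.7", now=1300)]  # killed
```

Without the fingerprint comparison, the second call in `demo()` would return `ok`, which is the behaviour the post describes. Logging out explicitly when done with webmail removes the session entry, so a cookie copied earlier stops working.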