[Boatanchors] Yahoo Email Problems

Glen Zook gzook at yahoo.com
Thu Jan 31 15:36:10 EST 2013


If one un-checks the "box" that tells Yahoo to keep the account "logged in", then one does not get the cookie.  I use Yahoo for things like E-Mail reflectors for a number of reasons including keeping SPAM away from my primary E-Mail accounts.  However, I never check the box which allows a cookie to be implemented.
 
Glen, K9STH


Website:  http://k9sth.com


________________________________
 From: J. Forster <jfor at quikus.com>
To: ArmyRadios at yahoogroups.com 
Cc: boatanchors at mailman.QTH.net; VMARS at yahoogroups.com; ARC5 at mailman.QTH.net; Rebecca-Eureka at yahoogroups.com; Milsurplus at mailman.QTH.net; boatanchors at puck.nether.net; Vintage-Military-RADAR at yahoogroups.com 
Sent: Thursday, January 31, 2013 1:08 PM
Subject: [Boatanchors] Yahoo Email Problems
 
In addition to the PW theft I posted about yeszterday, there seems to be
another issue with Yahoo webmail accounts. It works like this:

Yahoo user logs into their webmail account. Yahoo sets a Cookie, allowing
user to return to that account without another login.

User is done with email, and goes off to surf or clicks some link, and
winds up at a malicious site. That site downloads the Yahoo-set Cookie.

User goes off and does other things.

Malware site uses the Yahoo Cookie to log into the user's account and
Yahoo grants full access- the malicious user has the correct cookie after
all. Once in, the malware can spam email the user's entire Address Book,
read the user's email, or anything else. The malicious uswer has full
access.

See:

http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/

The solution to this attack is to not click any links or go surfing
anywhere, while logged into your Yahoo account. I( know it's a PITA, but
blame the hackers and spammers.


More information about the Boatanchors mailing list