[Boatanchors] Yahoo Email Problems

J. Forster jfor at quikus.com
Thu Jan 31 15:37:26 EST 2013 

Even if you do not check the box, you will remain signed-in until you
close your browser. The same is true of gmail. The box only alters what
happens on next sign-in.

Unless you SPECIFICALLY 'sign-out' the active cookie remains.

-John

================



> If one un-checks the "box" that tells Yahoo to keep the account "logged
> in", then one does not get the cookie.  I use Yahoo for things like E-Mail
> reflectors for a number of reasons including keeping SPAM away from my
> primary E-Mail accounts.  However, I never check the box which allows a
> cookie to be implemented.
>  
> Glen, K9STH
>
>
> Website:  http://k9sth.com
>
>
> ________________________________
>  From: J. Forster <jfor at quikus.com>
> To: ArmyRadios at yahoogroups.com
> Cc: boatanchors at mailman.QTH.net; VMARS at yahoogroups.com;
> ARC5 at mailman.QTH.net; Rebecca-Eureka at yahoogroups.com;
> Milsurplus at mailman.QTH.net; boatanchors at puck.nether.net;
> Vintage-Military-RADAR at yahoogroups.com
> Sent: Thursday, January 31, 2013 1:08 PM
> Subject: [Boatanchors] Yahoo Email Problems
>
> In addition to the PW theft I posted about yeszterday, there seems to be
> another issue with Yahoo webmail accounts. It works like this:
>
> Yahoo user logs into their webmail account. Yahoo sets a Cookie, allowing
> user to return to that account without another login.
>
> User is done with email, and goes off to surf or clicks some link, and
> winds up at a malicious site. That site downloads the Yahoo-set Cookie.
>
> User goes off and does other things.
>
> Malware site uses the Yahoo Cookie to log into the user's account and
> Yahoo grants full access- the malicious user has the correct cookie after
> all. Once in, the malware can spam email the user's entire Address Book,
> read the user's email, or anything else. The malicious uswer has full
> access.
>
> See:
>
> http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/
>
> The solution to this attack is to not click any links or go surfing
> anywhere, while logged into your Yahoo account. I( know it's a PITA, but
> blame the hackers and spammers.

More information about the Boatanchors mailing list