[Boatanchors] Yahoo Email Problems
jfor at quikus.com
Thu Jan 31 15:37:26 EST 2013
Even if you do not check the box, you will remain signed-in until you
close your browser. The same is true of gmail. The box only alters what
happens on next sign-in.
Unless you SPECIFICALLY 'sign-out' the active cookie remains.
> If one un-checks the "box" that tells Yahoo to keep the account "logged
> in", then one does not get the cookie. I use Yahoo for things like E-Mail
> reflectors for a number of reasons including keeping SPAM away from my
> primary E-Mail accounts. However, I never check the box which allows a
> cookie to be implemented.
> Glen, K9STH
> Website: http://k9sth.com
> From: J. Forster <jfor at quikus.com>
> To: ArmyRadios at yahoogroups.com
> Cc: boatanchors at mailman.QTH.net; VMARS at yahoogroups.com;
> ARC5 at mailman.QTH.net; Rebecca-Eureka at yahoogroups.com;
> Milsurplus at mailman.QTH.net; boatanchors at puck.nether.net;
> Vintage-Military-RADAR at yahoogroups.com
> Sent: Thursday, January 31, 2013 1:08 PM
> Subject: [Boatanchors] Yahoo Email Problems
> In addition to the PW theft I posted about yeszterday, there seems to be
> another issue with Yahoo webmail accounts. It works like this:
> Yahoo user logs into their webmail account. Yahoo sets a Cookie, allowing
> user to return to that account without another login.
> User is done with email, and goes off to surf or clicks some link, and
> winds up at a malicious site. That site downloads the Yahoo-set Cookie.
> User goes off and does other things.
> Malware site uses the Yahoo Cookie to log into the user's account and
> Yahoo grants full access- the malicious user has the correct cookie after
> all. Once in, the malware can spam email the user's entire Address Book,
> read the user's email, or anything else. The malicious uswer has full
> The solution to this attack is to not click any links or go surfing
> anywhere, while logged into your Yahoo account. I( know it's a PITA, but
> blame the hackers and spammers.
More information about the Boatanchors