All the latest UK technology news, reviews and analysis

Yahoo fixes email hole

by Andrew Charlesworth

17 Aug 2006

Be the first to comment

  • Tweet this
Yahoo has fixed a potential security flaw in its email service that could have allowed hackers to hijack Yahoo email accounts
Security researchers alerted Yahoo to the the email flaw

Yahoo has fixed a potential security flaw in its email service that could have allowed hackers to hijack Yahoo email accounts.

The problem was discovered earlier in August by Nir Goldshlager and Roni Bahar of Israeli security company Avnet

Further reading

The security hole required hackers to create an HTML attachment with different encoding schemes to bypass Yahoo Mail's security filter and then execute JavaScript code to download the recipient's mail cookie.

Once acquired, the cookie would provide access to the email session and hence the email inbox to read, send and delete emails.

A recipient would have to open only the malicious email, not the attachment too.

Although the mail cookie would not have given the hacker password control over the email account directly, once the email session had been hijacked the hacker could have gained the password by using the facility offered by Yahoo (and all other mail providers) to email passwords to customers who have forgotten them.

After identifying the vulnerability, Bachar and Goldshlager immediately alerted Yahoo.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

A Microsoft logo

Microsoft posts critical Internet Explorer patch with February fixes

Related white papers

Related articles

Related jobs

Today's top stories

Google logo

Google’s Motorola acquisition cleared by European and US competition authorities

Asus Transformer Prime vs Apple iPad 2

Apple iPad 2 vs Asus Transformer Prime head-to-head review

Apple logo

Apple commissions independent inspection of Foxconn iPhone and iPad factories

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

C# or VB.net Financial Trading Systems Developer - Commodities Systems

Leading Financial Trading Systems Brokerage / Capital...

Technical Consultant - Windows, Virtualisation, HP, Server, Sto

Technical Consultant - Windows, Virtualisation, HP, Server...

Applications Migration Project Manager

The role requires an experienced Project Manager, particularly...

iPhone and iPad App Developer

iPhone and iPad developer required! We are seeking...

To send to more than one email address, simply separate each address with a comma.