
Yahoo Mail users warned of brute force attacks

by Phil Muncaster

19 Sep 2009


Yahoo Mail users are being warned that a two-year-old hole in the service could be allowing hackers to gain easy access to their accounts, according to new reports.

Ryan Barnett, director of application security research at Breach Security, said the problem stems from a web application that automates the log-in procedure for the popular webmail service, according to a report in The Register.

However, this web app crucially fails to apply the same security checks as the usual log-in page, enabling "some sort of water tunnel that the bad guys are walking right through", Barnett is reported as saying.

Hackers are therefore using the insecure web app to carry out brute force attacks on user passwords – a process whereby they try all possible combinations of letters and numbers to crack the password and gain entry to the account.

Other security experts are reported as saying that this new revelation confirms what many have suspected for a while – backend applications are a key factor in the increasing success of account hijacking cases targeting all social networks and portal sites.

Once hacked, the accounts can be used to send out spam and malware that stand a better chance of bypassing traditional filters.

Hackers may also choose to use the account details to try to access banking accounts, as many people use the same or similar passwords on multiple accounts.

Yahoo is understood to be investigating the vulnerability.
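The design flaw described above, as an added illustration that is not from the original article or from Yahoo's code: a second log-in entry point that skips the checks applied by the main log-in page. The article does not say which checks were missing; this sketch assumes a per-account limit on failed attempts, and all names, accounts and thresholds are hypothetical.

```python
from collections import defaultdict, deque

USERS = {"alice@example.test": "correct horse"}  # constructed; real systems store salted hashes

class FailureThrottle:
    """Sliding-window count of failed log-ins per account (assumed control)."""
    def __init__(self, max_failures=5, window_s=300):
        self.max_failures, self.window_s = max_failures, window_s
        self._failures = defaultdict(deque)

    def blocked(self, account, now):
        q = self._failures[account]
        while q and now - q[0] > self.window_s:  # drop failures outside the window
            q.popleft()
        return len(q) >= self.max_failures

    def record_failure(self, account, now):
        self._failures[account].append(now)

def authenticate(throttle, account, password, now):
    """Single choke point that every entry point is expected to call."""
    if throttle.blocked(account, now):
        return "locked"
    if USERS.get(account) == password:
        return "ok"
    throttle.record_failure(account, now)
    return "denied"

def web_login(throttle, account, password, now):
    return authenticate(throttle, account, password, now)

def api_login_unthrottled(throttle, account, password, now):
    # The flaw: a second entry point that checks the password directly
    # and never consults the throttle used by the log-in page.
    return "ok" if USERS.get(account) == password else "denied"

def api_login_fixed(throttle, account, password, now):
    return authenticate(throttle, account, password, now)

def evaluated_guesses(entry_point, attempts=20):
    """Count wrong passwords that reach the password check within one window."""
    throttle = FailureThrottle()
    results = [entry_point(throttle, "alice@example.test", f"wrong-{i}", now=i)
               for i in range(attempts)]
    return results.count("denied")

if __name__ == "__main__":
    for fn in (web_login, api_login_unthrottled, api_login_fixed):
        print(f"{fn.__name__}: {evaluated_guesses(fn)} of 20 guesses evaluated")
```

Because the fixed entry point shares one throttle with the log-in page, failures recorded through either path count against the same per-account limit.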
