Yahoo has fixed a potential security flaw in its email service that could have allowed hackers to hijack Yahoo email accounts
Security researchers alerted Yahoo to the the email flaw

Yahoo fixes email hole

Malicious HTML attachment could reveal recipient's mail cookie

Andrew Charlesworth

vnunet.com, 17 Aug 2006

Yahoo has fixed a potential security flaw in its email service that could have allowed hackers to hijack Yahoo email accounts.

The problem was discovered earlier in August by Nir Goldshlager and Roni Bahar of Israeli security company Avnet

Advertisement

The security hole required hackers to create an HTML attachment with different encoding schemes to bypass Yahoo Mail's security filter and then execute JavaScript code to download the recipient's mail cookie.

Once acquired, the cookie would provide access to the email session and hence the email inbox to read, send and delete emails.

A recipient would have to open only the malicious email, not the attachment too.

Although the mail cookie would not have given the hacker password control over the email account directly, once the email session had been hijacked the hacker could have gained the password by using the facility offered by Yahoo (and all other mail providers) to email passwords to customers who have forgotten them.

After identifying the vulnerability, Bachar and Goldshlager immediately alerted Yahoo.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

IT security experts warned today of a "widespread phishing email campaign" that tries to swindle unwary recipients by pretending to offer a cash prize from Gmail

Phishers target Google Gmail users

No such thing as a free lunch, warns security expert

Serious BlackBerry hack attack exposed

Hacking program due to be released next week

RIM plays down BlackBerry hack threat

BBProxy attack makes 'several reaching assumptions'

Cost of hack attacks against UK firms rising fast

Big companies doing well, smaller ones less so

Related whitepapers

Related jobs

Most watched

Summit: Views From the Valley

V3.co.uk's US office weighs in on the information overload crisis

John Chambers speaks on collaboration

Cisco boss talks up new offerings

More video

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Nikos Drakos

Summit: Dealing with communications overload

We ask Gartner Research director Nikos Drakos for advice on...

HP logo

HP scoops up 3Com for $2.7bn

Deal nearly doubles size of HP's networking operation

Data security

Summit video: Open Rights Group discusses data privacy

ORG's Jim Killock calls on the government to become more...

John Chambers speaks on collaboration

Cisco boss talks up new offerings

Primary Navigation