Skip to content

Yahoo?? Right uh….


YAHOO has been a little under the weather this week, as Netcraft exposed a vulnerability on its site leaving users account details open to attack.

Unfortunately for Yahoo, Netcraft wasn’t the only one who noticed this – the HotJobs section of the site was being used to transmit stolen details, sent to a remote hacker in the US.

This hacker was happily gathering Yahoo users’ account details enabling access into Yahoo Mail – the user doesn’t even need to type in their user name and password for the hacker to accomplish this, visiting the malign URLs on can be enough.

The attack exploits a cross-site scripting vulnerability which allows the attacker to inject obfuscated JavaScript into the affected page.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: