Yahoo! Mail: XSS! allowed! the! hack! each! account!

Yahoo Mail can be considered one of the worst services which circulates in into a security. In 2014 the company after a hack exposed 500 million accounts, but decided to keep it a secret, exposing its users to very serious risks.

What has changed today? Probably not too much:Yahoo

Security researcher Jouko Pynnonen has discovered a cross-site scripting security vulnerability (XSS) in the Yahoo Mail service that effectively allows an attacker to access any account and read emails freely.

Yahoo reportedly fixed this flaw last week rewarding the researcher with $10.000, according to the program company bounty.

Pynnonen explained that it was possible for an attacker to break into company accounts simply by bypassing the HTML filtering that Yahoo uses for που κρύβουν κακόβουλο κώδικα .

Worst of all, users didn't even have to click on links or open attachments . They just opened the email the hacker sent them.

The flaw allows an attacker to read a victim's email or create a virus to infect Yahoo Mail accounts, among others. The attack requires the victim to see an email sent by the attacker. There is no need for any further interaction (such as clicking on a link or opening an attachment), ”says the researcher.

Yahoo was notified of the hack on November 12 and fixed it on November 29. So now you are supposed to be safe.

https://klikki.fi/adv/yahoo2.html

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).