Yahoo! Mail: XSS! allowed! the! hack! each! account!

Yahoo Mail can be considered one of the worst e-mail services on the internet when it comes to security. In 2014, after a hack, the company exposed 500 million accounts but decided to keep it secret, leaving its users exposed to very serious risks.

What has changed today? Probably not much.

Security researcher Jouko Pynnonen has discovered a cross-site scripting security vulnerability (XSS) in the Yahoo Mail service that effectively allows an attacker to access any account and read emails freely.

Yahoo reportedly fixed the flaw last week and rewarded the researcher with 10,000 dollars under the company's bug bounty program.

Pynnonen explained that an attacker could compromise accounts simply by bypassing the HTML filter Yahoo applies to links, so that a link carrying malicious JavaScript got through.
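An added illustration of the defensive pattern such a link filter needs (this is not Yahoo's code or the researcher's finding, and every input and name below is constructed): instead of searching link targets for known-bad strings, apply the same whitespace trimming and entity decoding a browser does, then allow only a short list of schemes and drop everything else.

```python
import re
from html import unescape
from typing import Optional
from urllib.parse import urlsplit

# Schemes a rendered e-mail is allowed to link to (assumption: a mail client
# needs nothing beyond these). Anything else is rejected without the filter
# having to know about javascript:, data:, vbscript: or any future scheme.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Browsers delete tab/newline anywhere in a URL and strip leading/trailing
# C0 control characters and spaces before parsing. A filter that checks the
# raw attribute value sees a different URL than the browser will execute.
_STRIP_INNER = re.compile(r"[\t\n\r]")
_STRIP_EDGES = re.compile(r"^[\x00-\x20]+|[\x00-\x20]+$")


def normalize_href(raw: str) -> str:
    """Decode HTML entities and apply browser-style URL whitespace trimming."""
    text = unescape(raw)          # &#106;avascript: -> javascript:
    text = _STRIP_INNER.sub("", text)
    return _STRIP_EDGES.sub("", text)


def safe_href(raw: str) -> Optional[str]:
    """Return the normalised href if its scheme is allowlisted, else None."""
    href = normalize_href(raw)
    scheme = urlsplit(href).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return href
    # Scheme-less (relative) links are ambiguous inside mail and are dropped
    # together with every non-allowlisted scheme.
    return None


def check_links(hrefs):
    """Map each href to what the renderer may emit (None = link removed)."""
    return {h: safe_href(h) for h in hrefs}


if __name__ == "__main__":
    # Constructed sample attribute values, as a filter would see them.
    SAMPLES = [
        "https://mail.example.com/inbox",
        "mailto:alice@example.com",
        "  https://example.com/  ",
        "javascript:alert(1)",
        "JaVaScRiPt:alert(1)",
        "&#106;avascript:alert(1)",
        "\tjava\nscript:alert(1)",
        "data:text/html,hello",
        "//example.com/x",
    ]
    for raw, result in check_links(SAMPLES).items():
        print(f"{raw!r:40} -> {result!r}")
```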

Worst of all, users didn't even have to click on links or open attachments. It was enough to open the e-mail message the attacker had sent them.

"The flaw allows an attacker to read a victim's email or create a virus to infect Yahoo Mail accounts, among others. The attack requires the victim to see an email sent by the attacker. There is no need for any further interaction (such as clicking on a link or opening an attachment)," says the researcher.

Yahoo was notified of the vulnerability on November 12 and fixed it on November 29. So now you are supposed to be safe.

https://klikki.fi/adv/yahoo2.html

iGuRu.gr


Written by giorgos
