College student and security researcher Robert Kugler has long warned Yahoo that there are vulnerabilities in its code, but the company seems to ignore the warnings.
Kugler has found that Yahoo has a vulnerability that allows attackers to redirect their victims to any site of their choice, using a URL on the yahoo.com domain. The technique is called an open redirect, and it helps scammers trick victims who trust the yahoo.com domain.
In one of his publications, Kugler shows how yahoo.com can redirect to google.com:
Although the end of the URL indicates that something might be wrong, the address of the redirect can simply be encoded, hiding its tracks:
http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2
Yahoo believes that there is no vulnerability, although redirects are the favorite technique of phishers.
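A defender screening mail or proxy logs can surface links of this kind, where a trusted domain carries an encoded off-site destination, by decoding the URL repeatedly and comparing hosts. The Python below is an added example, not code from Kugler's publication or from Yahoo; the function names, `trusted.example`, `other.example.net` and the sample links are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# An absolute http(s) URL appearing inside another URL once it is decoded.
EMBEDDED_URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def fully_decode(text, max_rounds=5):
    """Percent-decode repeatedly so double-encoded targets are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def same_site(host, site):
    """True when host is the site itself or one of its subdomains."""
    return host == site or host.endswith("." + site)

def offsite_targets(url, trusted_site):
    """Off-site hosts embedded in a link whose own host is on trusted_site."""
    parts = urlsplit(url)
    if not same_site((parts.hostname or "").lower(), trusted_site):
        return []
    tail = fully_decode(" ".join((parts.path, parts.query, parts.fragment)))
    hosts = []
    for match in EMBEDDED_URL.findall(tail):
        try:
            host = urlsplit(match).hostname  # skips any user@ prefix
        except ValueError:
            continue
        if host and not same_site(host, trusted_site):
            hosts.append(host)
    return hosts

# Constructed sample links (placeholder domains, not real traffic).
SAMPLES = [
    "http://r.trusted.example/SIG=abc/**http%3A//other.example.net/login",
    "http://r.trusted.example/go?u=http%253A%252F%252Fother.example.net%252F",
    "http://r.trusted.example/go?u=http%3A%2F%2Ftrusted.example%40other.example.net%2F",
    "http://r.trusted.example/go?u=http%3A%2F%2Fwww.trusted.example%2Fmail",
    "http://www.trusted.example/news/today",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(offsite_targets(link, "trusted.example"), link)
```

The first three samples are flagged, including the double-encoded one and the one that places the trusted name before an `@`; the last two stay clean because the embedded destination, if any, is on the same site.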