« Identifying browsed pages behind SSL via packet size monitoring | Main | ICANN Terminates EstDomains Registrar Accreditation due to Fraud, Money Laundering Convictions »

Yahoo Security Flaw Fixed in hours

"Hours after Web analytics firm Netcraft (www.netcraft.com) announced a flaw on a Yahoo (www.yahoo.com) website used to steal users' authentication cookies to gain access to Yahoo accounts, such as Yahoo Mail, the company blocked entry to hackers.

In an email message to theWHIR Monday, Yahoo's HotJobs division stated that the cross-site scripting vulnerability found on Sunday was quickly fixed. "The team was made aware of this particular Cross-Site Scripting issue yesterday morning (Sunday, October 26) and a fix was deployed within a matter of hours," read the statement. "Yahoo appreciates Netcraft's assistance in identifying this issue."

According to a Sunday post from Netcraft, "The attack exploits a cross-site scripting vulnerability on Yahoo's HotJobs site at hotjobs.yahoo.com, which currently allows the attacker to inject obfuscated JavaScript into the affected page. The script steals the authentication cookies that are sent for the yahoo.com domain and passes them to a different website in the United States, where the attacker is harvesting stolen authentication details."

Read More: http://www.thewhir.com/marketwatch/102808_Yahoo_Fixes_Security_Flaw_Quick.cfm


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!