Monday, February 4, 2013

Serious vulnerability found in Yahoo's mail system


Following the high-profile break-ins at The Wall Street Journal, The New York Times and Twitter, Yahoo has admitted that its mail service could also have been compromised, with hijacked accounts used to send spam. It is hard to say whether the earlier break-ins and the Yahoo incident are related, but the aim of this latest attack appears to differ from the earlier ones.

According to the antivirus company Bitdefender, in the Yahoo case the attackers exploited several vulnerabilities in Yahoo's software and mail service to intercept session cookies, which let them take control of the victim's web mail interface and send spam through it; the bit.ly URL shortener was used to disguise the links. Initially the campaign targeted Western users, with fraudulent messages styled as news items from the MSNBC website; later the fraudsters switched to the more traditional spam pitch of offers to earn money from home over the internet.


Bitdefender says its data shows the attackers used purpose-built JavaScript code that exploited an XSS vulnerability first found in the Yahoo Developer Network and tied to cookie handling. Security experts had previously and repeatedly criticised the company for using session cookies without an adequate protection mechanism. The attack thus relied on so-called supercookies, that is, session cookies that the server issues when a user logs in to two or more portals of a single operator. Typically these cookies are identifiers associated with subdomains: they are issued for the parent domain and therefore apply to all of its lower-level subdomains.

Such an arrangement is logical and convenient, but only as long as the operator's software is free of XSS vulnerabilities.

So in Yahoo's case, cookies obtainable from developer.yahoo.com in some cases granted access to mail.yahoo.com, which is the vulnerability. Something similar had previously been found in the multi-site (multi-user) version of WordPress.
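The mechanism described above comes down to cookie domain scoping: a cookie issued with a Domain attribute set to the parent domain is sent to, and readable by script on, every subdomain, so an XSS on one subdomain can read a session cookie that belongs to another. The following is an added example, not code from the article or from Yahoo or Bitdefender. It models the RFC 6265 domain-matching rules in plain JavaScript; the hostnames follow the article, while the cookie name and value are constructed for illustration and do not represent Yahoo's real cookies.

```javascript
// Added example (not from the original article, Yahoo or Bitdefender).
// Models RFC 6265 cookie scoping to show why an XSS on developer.yahoo.com
// could read a session cookie that mail.yahoo.com issued for the whole
// parent domain. Cookie name/value below are constructed assumptions.

// RFC 6265 section 5.1.3: does request host `host` domain-match `domain`?
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return host.endsWith(domain) &&
         host[host.length - domain.length - 1] === '.';
}

// Minimal cookie jar that tracks host-only vs. domain-scoped cookies
// and the HttpOnly flag.
class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie from a Set-Cookie header received from `requestHost`.
  // Returns false when the Domain attribute is rejected (section 5.3 step 6).
  setFromHeader(requestHost, header) {
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const cookie = {
      name: pair.slice(0, eq),
      value: pair.slice(eq + 1),
      domain: requestHost.toLowerCase(),
      hostOnly: true,       // no Domain attribute: only the setting host gets it
      httpOnly: false,
    };
    for (const attr of attrs) {
      const [k, v = ''] = attr.split('=');
      const key = k.toLowerCase();
      if (key === 'domain' && v) {
        const d = v.replace(/^\./, '').toLowerCase();
        if (!domainMatches(requestHost, d)) return false; // cannot set for a foreign domain
        cookie.domain = d;
        cookie.hostOnly = false;
      } else if (key === 'httponly') {
        cookie.httpOnly = true;
      }
    }
    this.cookies.push(cookie);
    return true;
  }

  // Cookies the browser attaches to a request to `host` (section 5.4).
  cookiesForRequest(host) {
    const h = host.toLowerCase();
    return this.cookies.filter(c =>
      c.hostOnly ? h === c.domain : domainMatches(h, c.domain));
  }

  // What script on `host` sees in document.cookie: same scoping, minus HttpOnly.
  documentCookie(host) {
    return this.cookiesForRequest(host)
      .filter(c => !c.httpOnly)
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Scenario: mail.yahoo.com issues a session cookie, then attacker script
// injected via XSS runs on developer.yahoo.com. Returns what that script can
// read and which cookies ride along on requests it triggers.
function simulate(setCookieHeader) {
  const jar = new CookieJar();
  jar.setFromHeader('mail.yahoo.com', setCookieHeader);
  return {
    scriptVisible: jar.documentCookie('developer.yahoo.com'),
    attachedToRequest: jar.cookiesForRequest('developer.yahoo.com').map(c => c.name),
  };
}

// Constructed cookie "SESSION=abc123" (not a real Yahoo cookie).
const leaky    = simulate('SESSION=abc123; Domain=.yahoo.com');           // script reads it
const hostOnly = simulate('SESSION=abc123');                              // nothing leaks
const httpOnly = simulate('SESSION=abc123; Domain=.yahoo.com; HttpOnly'); // hidden from script, still sent
```

The host-only form is the real fix: the cookie never reaches another subdomain. HttpOnly alone only hides the value from document.cookie; a domain-scoped cookie is still attached to requests that injected script makes, so an XSS on a sibling subdomain can still act as the user even if it cannot read the cookie.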

Bitdefender says it found the problem on Yahoo's sites on Wednesday and notified the company on Thursday. Yahoo now says the problem has been fixed. However, Bitdefender notes that Yahoo's software had not undergone any significant changes for at least a month, so the problem must have existed for at least that long.
