Monday, February 4, 2013
In Yahoo mail system detected a serious vulnerability
According to antivirus company Bitdefender, in the case of Yahoo, hackers used a number of vulnerabilities in security software and Yahoo mail service intercepted session files-cookie, allowing them to take control of the user interface and send spam through it, also using the system to reduce reference bit. ly. Initially, the campaign was focused on western users, as it was used only in the style of writing fraudulent posts news website MSNBC, after fraudsters were being sent for such traditional campaign proposals on domestic earnings over the internet.
Such a system of organization is logical and convenient, but only when the operator software, devoid XSS-vulnerabilities.
Thus, in the case of Yahoo, use files from developer.yahoo.com in some cases gave greater access to mail.yahoo.com, which is a vulnerability. Previously, something like that had been found in a multi-user version of Wordpress.
In Bitdefender say they have found a problem with sites of Yahoo on Wednesday and Thursday notified the very internet company. Now, as assured in the latter, the problem is eliminated. However, Bitdefender say that the software Yahoo has at least one month does not make any significant changes, and the problem must have existed at least during this period.