Two Critical Flaws Found in Yahoo
Security researcher Aditya K. Sood has alleged that a couple of serious redirection and phishing vulnerabilities have been detected in the Yahoo network. Mr. Sood posted the findings in a security advisory for public reference.
An attacker could manipulate a URL linked to the Yahoo website and redirect traffic for use in phishing. What makes this serious is that a third party could call the URL for phishing activity.
According to Sood, the entire Yahoo network is susceptible to this style of cyber attack. But the researcher also said that Yahoo patched the flaw quickly, in just 24 hours.
Sood also reported a second phishing attack, which Yahoo has still not fixed. He alleged that this attack relates to the Yahoo search core network.
In this case, the links involved are those leading to searches for the next page. Here too, phishers can manipulate them to divert traffic and exploit the Yahoo search engine to launch phishing attacks, Sood explained in his advisory. He said the vulnerability affects the Yahoo search engine in its entirety, as per news published by Enterpriseitplanet.com on June 26, 2007.
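An added example, not from Sood's advisory or Yahoo's code: one way a site can validate a redirect or next-page target so that a manipulated URL of the kind described above cannot send visitors off-site. The host names, the fallback path and the function name are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this hypothetical site may redirect to.
ALLOWED_HOSTS = frozenset({"www.example.com", "search.example.com"})
FALLBACK = "/"  # assumption: safe landing page when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a same-site path or an https URL on an allowed
    host; otherwise return fallback."""
    # Browsers treat "\" like "/" and drop tabs/newlines, so a URL that
    # contains them can parse differently here than in the browser.
    if not raw or any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback

    if not parts.scheme and not parts.netloc:
        # Same-site path. "//host" and "///host" are protocol-relative
        # forms that leave the site, so exactly one leading "/" is required.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback

    # Absolute URL: https only, no userinfo ("trusted@other"), exact host
    # match (a suffix test would accept "www.example.com.evil.example").
    if parts.scheme != "https" or "@" in parts.netloc:
        return fallback
    return raw if host in allowed_hosts else fallback


# Constructed sample inputs, not taken from the advisory.
SAMPLES = [
    "/search?page=2",
    "https://search.example.com/results?p=3",
    "//evil.example/login",
    "https://www.example.com@evil.example/",
    "https://www.example.com.evil.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)!r}")
```

Rejected targets fall back to the site root instead of raising, so a tampered link still lands on the legitimate site.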
This security flaw is the most recent one to trouble the giant website, to which businesses and consumers entrust a large amount of sensitive information relating to e-mail, address books and calendar entries.
Meagan Busath, spokesperson for Yahoo, said that Yahoo knows about the flaw. She said that Yahoo takes the security of the site and its users seriously. The search giant always implements the necessary steps to protect its consumers. The search engine is particularly aware of the phishing problem because it connects to the phishing industry at a broader level. Busath assured that Yahoo is working on a fix, as reported by News.millersmiles.co on June 23, 2007.
Early in June 2007, Yahoo Inc. ran into trouble when a Yahoo spokeswoman, Terrell Karlsten, revealed too many specifics about an exploit code that attacked Yahoo Messenger. The information that she divulged was sufficient for the hacker to launch his exploit codes. The hacker posted two ActiveX exploit codes, aimed specifically at the Webcam application of Yahoo Messenger, on the Full Disclosure mailing list. However, Yahoo released the required patch for the exploits.
» SPAMfighter News - 11-07-2007