Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Two Critical Flaws Found in Yahoo

Security researcher Aditya K. Sood has alleged that a couple of serious redirection and phishing vulnerabilities have been detected in Yahoo network. Mr. Sood posted this on a security advisory for public reference.

The attacker could manipulate the URL linked to Yahoo website and redirect traffic to use it for phishing. The seriousness of this is that a third party could call the URL for a phishing activity.

According to Sood the entire Yahoo network is susceptible to this style of cyber attack. But the researcher also said that after Yahoo patched the flaw quickly in just 24 hours.

Sood also reported a second phishing attack, which is still not fixed by Yahoo. He alleged that this attack relates to the Yahoo search core network.

In this, the links lead to searches for the next page. Here too phishers can manipulate it and divert traffic and exploit the Yahoo search engine to launch phishing attacks, Sood explained in his advisory. He said the vulnerability disturbs the Yahoo search engine in totality, as per news published by Enterpriseitplanet.com on June 26, 2007.

This security flaw is the most recent one to stir the giant website where businesses and consumers are entrusting with excessive amount of sensitive information relating to e-mail, address books and calendar entries.

Meagan Busath, spokesperson for Yahoo, said that Yahoo knows about the flaw. She said that Yahoo is earnest about the security of the site and its users. The search giant always implements the necessary steps to protect its consumers. The search engine is particularly aware of the phishing problem because it connects to the phishing industry at broader level. Busath assured that Yahoo is working on a fix, as reported by News.millersmiles.co on June 23, 2007.

Early in June 2007, Yahoo Inc. stepped into trouble when a Yahoo spokeswoman, Terrell Karlsten, revealed too many specifics about an exploit code that attacked Yahoo Messenger. The information that she divulged was sufficient for the hacker to launch his exploit codes. The hacker issued two ActiveX exploit codes specifically to Webcam application on the Full Disclosure mailing list of Yahoo Messenger. However, Yahoo released the required patch for the exploits.

Related article: THE SPAM MAFIA

ยป SPAMfighter News - 7/11/2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Press Releases - IT Security News

Go back to previous page
Next
-->

Products

SPAMfighter
SLOW-PCfighter
FULL-DISKfighter
DRIVERfighter
VIRUSfighter
SPYWAREfighter
Anti spam / Anti virus business solutions

About

Company
Contact us
Press room
Support
Blog
Sign up for newsletters

Partnerships

Become a partner
Become a reseller
Find a reseller
Become an affiliate
White Label Software

Social media

Facebook
Twitter
Youtube
LinkedIn
© SPAMfighter 2003-2024    All rights reserved.    Privacy Statement    Sitemap