June 2013 Issue

Threat of the month

Subscribe
Archive

Subscribe	Advertising

Archive	Log in \| Register

Bad Pigs removed from Google Play after 10k downloads

Download the SC Magazine app for iOS and Android!

eConference: Auditing and compliance 6/25

SC Editions

Danielle Walker, Reporter

November 27, 2012

Yahoo email hijack possible with $700 XSS exploit

Yahoo reportedly has yet to fix vulnerable code that is allowing a hacker to sell a $700 exploit capable of undermining a cross-site scripting (XSS) issue in Yahoo's website. The company still is in search of the malicious URL that is being used to spread the inject, which would allow successful bidders to hijack Yahoo webmail users' accounts. The bug first was reported Friday by security blogger Brian Krebs, who wrote that the malicious marketer was offering to sell the exploit only to “trusted people,” so as to keep news of the flaw unknown to those aiming to patch it. A Yahoo spokesperson did not respond to a request for comment made by SCMagazine.com on Tuesday.

Editorial

Threat of the month

Bad Pigs removed from Google Play after 10k downloads

Download the SC Magazine app for iOS and Android!

eConference: Auditing and compliance 6/25

Yahoo email hijack possible with $700 XSS exploit

Next Article in News

Narilam virus targets Middle East, but isn't like others

Sign up to our newsletters

SC Magazine Articles

More in News

IT decision makers are more optimistic about breach detection than they should ...

Trojan uses fake Adobe certificate to evade detection

The new update for Java will close 40 security vulnerabilities