Yahoo email hijack possible with $700 XSS exploit

Yahoo reportedly has yet to fix vulnerable code that is allowing a hacker to sell a $700 exploit that abuses a cross-site scripting (XSS) flaw in Yahoo's website. The company is still searching for the malicious URL being used to deliver the injected script, which would allow successful bidders to hijack Yahoo webmail users' accounts. The bug was first reported Friday by security blogger Brian Krebs, who wrote that the malicious marketer was offering to sell the exploit only to “trusted people,” so as to keep news of the flaw from reaching those aiming to patch it. A Yahoo spokesperson did not respond to a request for comment made by SCMagazine.com on Tuesday.

