Breaking News : YAHOO has just released a security patch that prevents a serious bug which allowed hackers to read any email

in #news8 years ago

Breaking News : YAHOO has just released a security patch that prevents a serious bug which allowed hackers to read any email

enter image description here
image credit

Yahoo has just issued a security patch of a highly critical XSS (cross-site scripting) security vulnerability in its users’ email system that allowed hackers to read any email contents.

Who discovered this security flaw ?

Jouko Pynnonen, a famous cyber-security researcher lived in Finland first discovered this serious issue and reported it to Yahoo. Jouko Pynnonen also reported a serious bug in Yahoo last year that allowed hackers to hack any user’s account by using XSS (cross-site scripting) vulnerability. He was also awarded in $10,000 by Yahoo’s bug bounty program on Hackerone.

How does this bug work ?

Jouko Pynnonen has posted an article on his personal blog about how the bug works. He said that the bug existed in the email’s HTML filtering.
Jouko sent an email with various sorts of attachments to inspect the raw code in HTML (Hyper Text Markup Language) of that email. However, Yahoo has a protection to block malicious codes of these type HTML emails in its filtration process.

But, Jouko had succeeded to bypass this filtration process by sending a YouTube link in that email which allowed him to execute a JavaScript code. After executing this malicious JavaScript he was able to read victim’s email finally.

According to his statement :

“As long as the URL pointed to a white-listed website such as YouTube, it was not further sanity checked or encoded,” writes Pynnonen.

I’m still a Yahoo user. What can I do now to get rid off ?

Do not scare …. Yahoo has already fixed this poisonous flaw.


Sources for the news and further reading


enter image description here
image credit


follow me on steemit AND resteem it


>>Thanks to @elyaque for designing my badges :)<<

                     MY STATS
   REPUTATION SCORE : 67 | TOTAL FOLLOWERS : 265
   TOTAL BLOG POSTS : 335  | TOTAL LIKES : 18459
   TOTAL EARNINGS   : $2488.32
Sort:  

Glad that I have not any yahoo (as well as hotmail / gmail) address ^^

Yahoo used to be very good at one time. Now every-time you try and play a video or watch news on their page it stutters or stops. Yahoo needs a full time health check and as for security know one is safe no matter which one you use.

This post has been ranked within the top 10 most undervalued posts in the second half of Dec 09. We estimate that this post is undervalued by $36.00 as compared to a scenario in which every voter had an equal say.

See the full rankings and details in The Daily Tribune: Dec 09 - Part II. You can also read about some of our methodology, data analysis and technical details in our initial post.

If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.

Coin Marketplace

STEEM 0.20
TRX 0.26
JST 0.040
BTC 101672.76
ETH 3666.48
USDT 1.00
SBD 3.15