New Yahoo vulnerability


You will most likely agree with me on the importance of email security, the issues web users have been having with securing their email accounts, and why, among the most popular email providers, Yahoo has been the most attacked. Probably because they are the oldest and most popular free email provider (or maybe not); or probably because they have some of the worst security engineers on the planet (someone actually told me this one day and I still refuse to believe him though). But that’s by the way.

I received a mail from a friend lately and the content was just a link from one libertyteamusa domain and a timestamp as the signature. I decided to verify the link, and I found out that it was a zero-day exploit that attackers now use to compromise Yahoo email accounts. See more details here.

For the tech-savvy ones, I’ve located a video that details how this was carried out (thanks to offensive security). I shall only upload this video because Yahoo claims to have fixed this vulnerability.

 

Action/Advice

If you have received such mails before and clicked on such links, or if you discover that your account is sending spam emails, take the following steps.

  1. Change your password
  2. Clear your cookies
  3. Enable spam filters
  4. Stop clicking every link you see, even if it’s from a friend. Verify all links.

I’m writing this in a hurry, but I’ll update this post to give you full details later.

For now, ciao


25 thoughts on “New Yahoo vulnerability”

  1. I don’t leave a lot of comments, however I did some searching and wound up here New Yahoo vulnerability | Solving Problems, with fun. And I do have some questions for you if it’s all right.
    Is it simply me or does it look as if a few of these remarks come across as if they
    are coming from brain dead visitors? 😛 And, if you are posting on
    other places, I’d like to keep up with everything fresh you have to post. Could you list every one of your community sites like your LinkedIn profile, Facebook page or Twitter feed?

  2. Amazing blog! Is your theme custom made or did you download it from
    somewhere? A theme like yours with a few simple adjustments would really make my blog stand out.
    Please let me know where you got your design. Cheers

  3. Pretty excellent day, this is the definitely superb web-site, I have plummeting in adore studying many on the posts and threads contained after the location, sustain the great work as well as hope to learn a lot more exciting articles from the time to come.

  4. Hi, Neat post. There is a problem along with your website in web explorer, might check this… IE nonetheless is the marketplace chief and a big element of other folks will omit your fantastic writing because of this problem.

    • Wynans,
      This problem you talk about, is it a scripting error or a flash error? I use Internet Explorer 9, Mozilla Firefox, and Google Chrome. No issues with mine so far. Maybe you could put me through on what the error messages are.

  5. My email was dishing out mails without my order. But I rarely do click on links from mails else confirmed ones.
    I have changed my password to a longer and twisted one. I am tempted to make my Gmail my official mail.
    Yahoo has to sit up.

    • Yes they really should. I use Gmail as well, and Microsoft Live. You could also try the paid email providers. They sure would do better.
      It could also mean that your system is compromised. I suggest you do a deep scan of your computer for malware (there may be a keylogger in your PC). If you use Internet Explorer, you could also try out other browsers (I prefer incognito browsing with Google Chrome). Then you can try changing your password again.
      I hope this helps.
      E
