Yahoo! fixes Yahoo! Mail security flaws 22nd Oct 2005
am 31.10.2005 03:34:48 von spamhotmail22nd Oct 2005
Yahoo! fixes Yahoo! Mail security flaws
Filed under: Web Stuff Webmail Service News Security Alert -
Mridul @ 07:07 am
Yahoo! fixes Yahoo! Mail security flaws
Search engine giant Yahoo! has updated their web mail service Yahoo!
Mail to fix some of the security flaws discovered in recent times. This
flaw is popularly known as the cross-site scripting vulnerability and
existed because the flaw existed because the service did not detect
certain script tags in combination with certain special characters. As
a result, the web mail facility was vulnerable to phishing scams,
account hijacks, and other attacks.
The flaw was discovered by SEC Consult, which issued an advisory on the
flaw Friday. However, these are pretty common in web based applications
and had been discovered in services like Google and Microsoft's Xbox
360 website. Some other areas of Yahoo! web services are also said to
be affected by it.
Yahoo! said in a statement that the flaws have been fixed in the recent
weeks and the users are protected to these kinds of security
vulnerabilities. Karen Mahon, a Yahoo spokesperson said in a release:
"Yahoo recently learned of an issue in Yahoo Mail and worked
immediately to begin rollout of a server-side fix which does not
require users to take any action. We are unaware of any users who were
impacted by this issue."