Kitz Forum

Internet => General Internet => Topic started by: oldfogy on September 19, 2009, 12:54:55 AM

Title: Brute-force attacks target two-year hole in Yahoo! Mail
Post by: oldfogy on September 19, 2009, 12:54:55 AM
Quote
Brute-force attacks target two-year hole in Yahoo! Mail

Your password is 123456

Scammers are exploiting a two-year-old security hole in Yahoo's network that gives them unlimited opportunities to guess login credentials for Yahoo Mail accounts, a researcher said.

The vulnerability resides in a web application that automates the process of logging in to the widely used webmail service. Because it fails to carry out a variety of security checks followed by the login page Yahoo! Mail users typically use, it's providing criminals with a backdoor through with user accounts can be breached, said Ryan Barnett, director of application security research at Breach Security.

"If the front gate of your castle is your login page to Yahoo Mail, they've done a good job of securing it," he told The Register. The web application amounts to "some sort of water tunnel that the bad guys are walking right through."

snip

http://www.theregister.co.uk/2009/09/18/ongoing_yahoo_mail_attacks/
Title: Re: Brute-force attacks target two-year hole in Yahoo! Mail
Post by: kitz on September 19, 2009, 02:31:08 AM
 :'(