Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Brute-force attacks target two-year hole in Yahoo! Mail  (Read 2201 times)

oldfogy

  • Helpful
  • Kitizen
  • *
  • Posts: 3568
  • If it ain't broke....... I'll soon fix it.
Brute-force attacks target two-year hole in Yahoo! Mail
« on: September 19, 2009, 12:54:55 AM »

Quote
Brute-force attacks target two-year hole in Yahoo! Mail

Your password is 123456

Scammers are exploiting a two-year-old security hole in Yahoo's network that gives them unlimited opportunities to guess login credentials for Yahoo Mail accounts, a researcher said.

The vulnerability resides in a web application that automates the process of logging in to the widely used webmail service. Because it fails to carry out a variety of security checks followed by the login page Yahoo! Mail users typically use, it's providing criminals with a backdoor through with user accounts can be breached, said Ryan Barnett, director of application security research at Breach Security.

"If the front gate of your castle is your login page to Yahoo Mail, they've done a good job of securing it," he told The Register. The web application amounts to "some sort of water tunnel that the bad guys are walking right through."

snip

http://www.theregister.co.uk/2009/09/18/ongoing_yahoo_mail_attacks/
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33032
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Brute-force attacks target two-year hole in Yahoo! Mail
« Reply #1 on: September 19, 2009, 02:31:08 AM »

 :'(
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker