Yahoo Mail hackings expose exploit
MANILA, Philippines - Yahoo Mail users who may have suffered a hack attempt during the weekend may want to be extra vigilant in their online activities.
An exploit in Yahoo Mail is seemingly to blame for this issue, and despite an attempt by Yahoo to remedy the problem, the exploit reportedly still remains in some form.
On Monday, The Next Web wrote about mass hackings that occurred during the weekend. According to their report, "a DOM-based XSS vulnerability that is exploitable in all major browsers" was to blame for the incident. An update mentioned that the issue seemed to have been resolved by Yahoo, but a new report by The Next Web on January 8 seems to point to the contrary.
In a post on its site, information security firm Offensive Security notes how, "With little modification to the original proof of concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim’s account."
Yahoo has been sent word of the claim by Offensive Security, and while Yahoo investigates the matter further, it would be a good idea to watch your activities online closely and not click on any links that seem remotely suspicious. - Rappler.com