Monday, June 30, 2008

Yahoo Mail flaw found and fixed

If you have Yahoo desktop messenger , you need to read this one

Researchers at Cenzic discovered a vulnerability in Yahoo Mail they said could allow attackers to steal Yahoo identities and potentially access users’ sensitive information.
The company, a Web application security provider based in Santa Clara, Calif., notified Yahoo of the cross-site scripting flaw in its popular Web mail program on May 23 and Yahoo fixed it June 13.
The vulnerability requires the attacker use Yahoo Messenger desktop application version 8.1.0.209 to chat with someone using the Messenger support in the latest version of Yahoo Mail. An attacker can make their chat status “invisible” and craft a malicious message; when he returns to the chat and the user clicks on the message, the malicious scripting is executed, said Mandeep Khera, Cenzic vice president of marketing.

Read More