Monday, October 27, 2008

Yahoo! Phishing Exploit

Netcraft reports:

Ongoing Phishing Attack Exposes Yahoo Accounts

The Netcraft toolbar community has detected a vulnerability on a Yahoo website, which is currently being used to steal authentication cookies from Yahoo users — transmitting them to a website under the control of a remote attacker. With these stolen details, the attacker can gain access to his victims' Yahoo accounts, such as Yahoo Mail.

The attack exploits a cross-site scripting vulnerability on Yahoo's HotJobs site at, which currently allows the attacker to inject obfuscated JavaScript into the affected page. The script steals the authentication cookies that are sent for the domain and passes them to a different website in the United States, where the attacker is harvesting stolen authentication details.

I have pointed out on this very blog that access to Gmail and Yahoo! accounts is extra-valuable since they potentially have 'wallet' functions appended to them.
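The injected script in the report above could read the authentication cookies because nothing stopped page script from seeing them; a Set-Cookie audit for the HttpOnly and Secure flags is the check a defender would run on a login response. The following is an added example, not Netcraft's or Yahoo's code, and every cookie name and header in it is constructed.

```python
"""Audit Set-Cookie headers for the flags that blunt cookie theft via XSS.

Added example, not Netcraft's or Yahoo's code. A cookie marked HttpOnly is
not exposed to document.cookie, so injected script cannot read it; Secure
keeps it off plaintext connections. All cookie names here are constructed."""

# Constructed substrings that mark a cookie as session/authentication-like.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "login", "token")

def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into its name and the flags we care about."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return {"name": name, "httponly": "httponly" in attrs, "secure": "secure" in attrs}

def audit_set_cookie(header: str) -> list[str]:
    """Return findings for a session-looking cookie a page script could read or leak."""
    cookie = parse_set_cookie(header)
    if not any(h in cookie["name"].lower() for h in SESSION_NAME_HINTS):
        return []  # preference cookies are not the asset the report describes
    findings = []
    if not cookie["httponly"]:
        findings.append("readable by injected script (missing HttpOnly)")
    if not cookie["secure"]:
        findings.append("sent over plaintext HTTP (missing Secure)")
    return findings

def audit_response_headers(headers: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Map each Set-Cookie header that has findings to those findings."""
    report = {}
    for key, value in headers:
        if key.lower() == "set-cookie":
            findings = audit_set_cookie(value)
            if findings:
                report[parse_set_cookie(value)["name"]] = findings
    return report

# Constructed sample response headers (not captured from the incident).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "auth_sid=abc123; Path=/; Domain=.example.com"),
    ("Set-Cookie", "prefs=dark; Path=/"),
    ("Set-Cookie", "login_token=xyz; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for name, findings in audit_response_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {'; '.join(findings)}")
```

Only the constructed `auth_sid` cookie is reported; the HttpOnly-and-Secure `login_token` cookie and the non-session `prefs` cookie pass.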

