Yahoo phishing flaw revealed
Yahoo phishing flaw revealed
***
23-Jun-2007Researcher finds major phishing flaw in Yahoo network***
A security researcher is alleging that Yahoo was at risk from a pair of critical phishing and redirection vulnerabilities. One of them may well still be open too.
Security Researcher Aditya K Sood posted a security advisory on a public mailing list explaining that, " a severe redirection and phishing vulnerability have been found in Yahoo Network."
According to Sood, the vulnerability could have allowed certain specific URLs linked on the Yahoo network websites to be manipulated to redirect traffic for a malicious purpose like phishing.
Sood alleged that the whole Yahoo network was vulnerable to this type of attack. The researcher does however claim that the issue was reported and patched by Yahoo within 24 hours.
There is a second phishing issue that Sood has also reported which has not yet been fixed by Yahoo. Sood alleged that the second issue is specific to the Yahoo Search core network.
"The links provide for the search to next page can be manipulated by the phishers to redirect traffic and use yahoo search engine for phishing," Sood states in the advisory. "The vulnerability affects the yahoo search engine at full."
Yahoo spokesperson Meagan Busath confirmed to InternetNews.com that Yahoo is aware of the issue.
"Yahoo takes security seriously and consistently employs measures to help protect our users," Busath said in an email to internetnews.com. "We are aware of this particular issue as it relates to the broader industry wide issue of phishing, and are working towards a fix."
Busath advised that for user, awareness is a key defense. To that end, she said the Yahoo security centre can be a big help.
"Yahoo has made it a priority to help educate consumers so that they are empowered to protect themselves online," Busath noted.
Source: www.internetnews.com
Talk about this article on our phishing news discussion forum
PRESS/MEDIA ENQUIRIES
MillerSmiles is the web's dedicated anti-phishing service. Launched in 2003, the site has become one of the most trusted internet security related websites on the internet.
For enquiries relating to this story or any other part of the MillerSmiles website please email the MillerSmiles team here
If you are interested in business and partnership opportunities with MillerSmiles please email us here