
Yahoo mail users warned of brute force hacker attacks

21 September 2009

Yahoo has warned users of its Yahoo Mail service about a two-year-old security flaw that appears to allow hackers to gain access to their accounts via a back door.

According to Ryan Barnett, director of application security research at Breach Security, which recently identified the security problem, it stems from a web application that automates the log-in procedure for Yahoo Mail.

The Register newswire quotes Barnett as saying that the web application fails to adhere to the same security checks normally followed by the usual log-in page, enabling "some sort of water tunnel that the bad guys are walking right through".

As a result of the security loophole, hackers are using the insecure web application to carry out brute force attacks on user passwords.

Once hacked, the Yahoo Mail accounts are reportedly being used to send out spam and malware, and to encourage email users to download trojans that prompt them to access their bank accounts online.

Yahoo is reported to be investigating the vulnerability and is expected to seal the loophole shortly.
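The class of flaw described above, where a secondary log-in path skips the checks the main log-in page enforces, can be shown with an added example that is not Yahoo's code or anything from the original article. All names here (`WeakSite`, `HardenedSite`, `automated_login`, the lockout policy values and the demo account) are hypothetical; the point is that failed-attempt throttling belongs in the shared verification path, not in one front end.

```python
import hmac
import time
from collections import defaultdict, deque

USERS = {"alice": "correct horse battery"}  # constructed demo account
MAX_FAILURES, WINDOW_SECONDS = 5, 300       # assumed lockout policy

class Throttle:
    """Sliding-window counter of failed logins, keyed by account."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.failures = clock, defaultdict(deque)

    def locked(self, user):
        q, now = self.failures[user], self.clock()
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()                      # forget failures outside the window
        return len(q) >= MAX_FAILURES

    def record_failure(self, user):
        self.failures[user].append(self.clock())

def check_password(user, password):
    # Plaintext comparison keeps the demo short; real services verify salted hashes.
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

class WeakSite:
    """Throttle lives in the web handler only; the second endpoint skips it."""
    def __init__(self, clock=time.monotonic):
        self.throttle = Throttle(clock)

    def web_login(self, user, password):
        if self.throttle.locked(user):
            return "locked"
        if check_password(user, password):
            return "ok"
        self.throttle.record_failure(user)
        return "denied"

    def automated_login(self, user, password):
        return "ok" if check_password(user, password) else "denied"

class HardenedSite(WeakSite):
    """Every entry point goes through the same throttled verification path."""
    def automated_login(self, user, password):
        return self.web_login(user, password)

def guesses_evaluated(login, user, attempts):
    """Count wrong guesses the endpoint actually checked instead of refusing."""
    return sum(login(user, f"wrong-{i}") == "denied" for i in range(attempts))
```

Running `guesses_evaluated` against every authentication entry point of a service is a quick regression check: any endpoint that evaluates more guesses than the policy allows is missing the shared control.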
 
