24524 Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
Mar 6, 2013
Lena,
> The weaknesses are not in yahoo, but in Windows, browsers and their plugins
> (Java, Acrobat, Flash), ...
> If you use Windows then you are vulnerable, yahoo cannot fix your Windows.
Or perhaps one of those plug-ins.
I've evicted Java from my computers -- too many zero-day exploits in a row, and I don't know why I had it. That is, nothing I use daily has stopped working; no doubt I'll get a reminder eventually.
Acrobat, as a browser plug-in, has been eliminated for me by Firefox 19, but I still use it stand-alone with files I've created. Flash is a little more problematic as many sites I do use daily use Flash.
> Another proof: I use Unix instead of Windows on my (usual) computer at
> home, so I could safely experiment. I don't Sign Out of yahoo. An XSS
> exploit should work with any browser under any operating system, however
> I clicked links in several such spams but addresses in my webmail
> address book and Sent folder weren't spammed.
If the plug-ins are involved there may be more variables than just the OS. The victims may have had an outdated plug-in whereas you no doubt keep yours up-to-date, or possibly don't use them.
After all, we don't know what percentage of the people who received and clicked on such links were subsequently exploited. All we know is that it was apparently enough to propagate the problem to others. I'd actually expect that people prone to click on rogue links are also people prone to ignore updates, but that's just a stereotype in my mind.