
25055 Re: [Y-Mail] Despite its efforts to fix vulnerabilities, Yahoo’s Mail users continue reporting hacking incidents - The Next Web

  • Chris J Brady
    Jun 19, 2013
      The hackers of Yahoo accounts are not guys sitting at a PC keyboard randomly typing in characters like the proverbial monkeys typing in the complete works of Shakespeare. Neither is it a computer generating random letter passwords and trying them until one fits. That's old skool. 

      The vulnerability is that a user having clicked on an embedded URL in an email is taken to a rogue webpage. Or maybe has not even clicked on an embedded URL and in the course of surfing has been taken to a rogue webpage. This has installed a virus (a snippet of XML / Javascript / whatever / code) onto the user's PC. This in turn sends the Yahoo cookie file containing the account name and password to the hackers. So it doesn't matter what the password is or when it is changed or how complicated it is; the hackers get the latest version.

      The virus script does two other things. Periodically - until removed - it sends an email out - with a one line URL to another rogue website - to one, many, all contacts in the user's address book.

      Secondly it sends the entire address book to the hackers. This can be used to send out fraudulent emails appealing for cash because the user has lost his/her passport on a surprise trip overseas, or has been imprisoned in a foreign country and needs urgent cash to be released, etc.

      I have not found out how to remove the XML / Javascript / whatever code that represents the virus. Perhaps someone here can say. Virus protection apps will not detect it.

      However I understand that one protection is to ALWAYS log out of a Yahoo session after finishing which apparently then kills the cookie containing the user's account and password.

      But if the hackers have a user's complete address book then there's nothing to stop them from using the contents to send begging emails.

      CJB ..
         

      --- On Wed, 19/6/13, Kenneth <justkenneth@...> wrote:

      From: Kenneth <justkenneth@...>
      Subject: Re: [Y-Mail] Despite its efforts to fix vulnerabilities, Yahoo’s Mail users continue reporting hacking incidents - The Next Web
      To: "Y-Mail@yahoogroups.com" <Y-Mail@yahoogroups.com>
      Date: Wednesday, 19 June, 2013, 0:22

       

      Perhaps a complicated password is more of a challenge for hackers, but that doesn't mean a simple password is safer.  They're not going to know whose passwords are more challenging until after the fact.  And if yours was less challenging, then they've just hacked yours sooner rather than later.


      From: Lorrie <minilorrie@...>
      To: Y-Mail@yahoogroups.com
      Sent: Tuesday, June 18, 2013 1:53 PM
      Subject: Re: [Y-Mail] Despite its efforts to fix vulnerabilities, Yahoo’s Mail users continue reporting hacking incidents - The Next Web

       
      My password is really simple and not very secure.  I have had it for years.  Never had any problems.  I am just wondering if the more difficult you make your password, the more the hackers try and get it.  Maybe it gives them more of a challenge.  A lot of people that I have talked to that have been hacked say that their passwords were very complicated yet they were stolen numerous times.  Just my thoughts LOL.

      Lorrie
