Hacker selling code that 'hijacks' Yahoo mail accounts
An Internet hacker, said to be an Egyptian, has reportedly, offered to sell code that will allow a person to hijack Yahoo email accounts.business Updated: Nov 28, 2012 13:30 IST
An Internet hacker, said to be an Egyptian, has reportedly, offered to sell code that will allow a person to hijack Yahoo email accounts.
The hacker, who goes by the username TheHell, has offered an exploit for the price of 700 dollars on an underground cyber crime community called Darkode.
A YouTube video explaining the hack showed that it works when an unsuspecting email user clicks on a malicious hyperlink, sent in an email, the Daily Mail reports.
An online security blogger Brian explained on his website Krebs that the exploit 'targets a "cross-site scripting" (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo Webmail users.'
"Such a flaw would let attackers send or read email from the victim's account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site," the blogger explained.
"These scripts can even rewrite the content of the HTML page," he added.
According to the paper, Krebs informed Yahoo about the intended attack and the Internet company said their security team is responding by fixing any potential vulnerabilities.