
Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 19th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2015 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk




Yahoo Mail Fail

30 January 2013

Wow, I've never had any of my machines or accounts hacked before - but it had to happen sooner or later.

Yesterday I received an email from a friend who often provides useful links to interesting stuff online.

Given that it was from a trusted source and that it was not unexpected that his email was just a quick note suggesting I visit a webpage, I clicked on the link.

Duh!

I was somewhat confused when I saw that the page he linked to was a bogus news report containing what appeared to be a covert plug for MLM schemes dressed up as a fake page from MSNBC. However, I didn't give it much more thought; it was late and I was tired.

This morning I woke up to find that I had some email bounces and a couple of people had emailed me to say "I think you've been hacked", quoting the same email I'd received from a friend the night before.

Yep, the zero-day YahooMail XSS vulnerability had been exploited to gain access to my YahooMail account.

Unfortunately, although Yahoo did try to patch the vulnerability earlier this month, the problem persists and anyone with a YahooMail account is vulnerable.

Having the most "up to date" browser and security patches won't help you one jot.

Just about the only step you can take to avoid getting hit is to log out of your YahooMail session as soon as you've finished reading/sending email and make sure you don't open any new webpages while a YahooMail session is active.

Of course you could try turning off JavaScript -- but then your YahooMail account won't work anyway :-(

So, if anyone has received an email from my YahooMail address suggesting you go look at a website -- delete it!

Sigh... sometimes I long for "the old days" when HTML was just HTML and, although pages were bland and ugly -- at least they were benign.

The mainstream media seem to have been pretty quiet about this one -- which I find odd, since the exploit is becoming widely exploited.

So, just the one column this morning -- because I'm busy making sure that there were no stored emails in my Yahoo account that may have contained information relating to passwords or other data that could compromise my other accounts.

Come on Yahoo... this exploit has apparently been around for months and you still haven't patched it (properly)?
