Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 21st year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2016 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at


Yahoo Mail Fail

30 January 2013

Wow, I've never had any of my machines or accounts hacked before - but it had to happen sooner or later.

Yesterday I received an email from a friend who often provides useful links to interesting stuff online.

Given that it was from a trusted source and that it was not unexpected that his email was just a quick note suggesting I visit a webpage, I clicked on the link.


I was somewhat confused when I saw that the page he linked to was a bogus news report containing what appeared to be a covert plug for MLM schemes dressed up as a fake page from MSNBC. However, I didn't give it much more thought; it was late and I was tired.

This morning I woke up to find that I had some email bounces and a couple of people had emailed me to say "I think you've been hacked", quoting the same email I'd received from a friend the night before.

Yep, the zero-day YahooMail XSS vulnerability had been exploited to gain access to my YahooMail account.

Unfortunately, although Yahoo did try to patch the vulnerability earlier this month, the problem persists and anyone with a YahooMail account is vulnerable.

Having the most "up to date" browser and security patches won't help you one jot.

Just about the only steps you can take to avoid getting hit are to log out of your YahooMail session as soon as you've finished reading/sending email and make sure you don't open any new webpages while a YahooMail session is active.

Of course you could try turning off Javascript -- but then your YahooMail account won't work anyway :-(

So, if anyone has received an email from my YahooMail address suggesting you go look at a website -- delete it!

Sigh... sometimes I long for "the old days" when HTML was just HTML and, although pages were bland and ugly -- at least they were benign.

The mainstream media seem to have been pretty quiet about this one -- which I find odd, since the exploit is becoming widely exploited.

So, just the one column this morning -- because I'm busy making sure that there were no stored emails in my Yahoo account that may have contained information relating to passwords or other data that could compromise my other accounts.

Come on Yahoo... this exploit has apparently been around for months and you still haven't patched it (properly)?
