Yahoo fixes cross-site scripting flaw
While we think of most vulnerabilities as relating to software we run on our individual machines, there's still a huge world of web applications out there that are open to scrutiny. Yahoo recently fixed a bug in its own websites that could potentially reveal any Yahoo user's account to a malicious third party. Rather than being browser or platform specific, it was an issue with Yahoo's own systems, as the article points out:
Researchers say it would have been trivial to exploit the vulnerability because it worked across multiple browsers and required only that a victim click on an innocuous-looking link embedded in an email.
Exploiting the flaw would give an attacker access to the person's Yahoo mail account or let them pilfer information from other services like Yahoo maps. The flaw is a cross-site scripting (XSS) vulnerability, a class of bug that is used more and more often to steal data, especially as more companies rely on conglomerate pages that use client-side scripts.
Users don't have to change or patch anything, as cross-site scripting of this kind is entirely due to the coding on the remote web server. Yahoo has not said how many people, if any, were compromised by this flaw.