Yahoo Mail was open to hacker attacks due to a file size bug. ZDNet reports that a flaw in the Yahoo Mail system could have let attackers control victims’ Yahoo accounts.
Yahoo has fixed a bug in its Yahoo Mail email system that would have allowed attackers to seize control of users’ email accounts. This bug enabled attackers to take control of a user’s account by simply sending them a specially crafted email.
The security flaw, according to eEye Digital Security’s Drew Copley, allowed attackers to bypass the Web-mail system’s JavaScript filters. Any message exceeding approximately 100kb in length would not be analysed by the filter, which is meant to strip messages of any potentially malicious JavaScript.
“A remarkable note about this bug is that no one seems to have found it before,” Copley’s advisory reads. “As far as anyone knows.”
Technical Description:
-----------EXAMPLE EMAIL---------
SCRIPT
[->a bunch of chars here [spaces are most stealth], the whole file size will be just about 100KB]
[this causes the filter to not work... the code is then run automatically]
---------------------------------
The pseudo-diagram above explains the scenario rather well. For whatever reason, Yahoo’s email filter simply does not work on files which exceed a certain range. This kind of software issue is relatively common. A remarkable note about this bug is that no one seems to have found it before.
Yahoo has fixed the Yahoo Mail bug.
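The defect class the advisory describes, a filter that stops scanning above a size threshold and passes the message through anyway, is shown here next to a fail-closed variant with a boundary regression check. This is an added example, not Yahoo's or eEye's code; the 100 KB constant, the regex-based filter and every function name are assumptions made for illustration.

```python
import html
import re

# Assumed cutoff, modelled on the "approximately 100kb" figure quoted above.
SCAN_LIMIT = 100 * 1024

# Deliberately simple stand-in for a real HTML sanitizer: drops <script> elements,
# including an unterminated one that runs to the end of the message.
_SCRIPT_RE = re.compile(r"<script\b.*?(?:</script\s*>|\Z)", re.IGNORECASE | re.DOTALL)


def strip_scripts(body: str) -> str:
    return _SCRIPT_RE.sub("", body)


def filter_fail_open(body: str) -> str:
    """Defect class from the advisory: oversized bodies skip the filter entirely."""
    if len(body.encode("utf-8")) > SCAN_LIMIT:
        return body  # unfiltered markup is handed to the browser
    return strip_scripts(body)


def filter_fail_closed(body: str) -> str:
    """Hardened form: a body the filter will not scan is never rendered as HTML."""
    if len(body.encode("utf-8")) > SCAN_LIMIT:
        return "<pre>" + html.escape(body) + "</pre>"  # shown as inert text
    return strip_scripts(body)


def audit_size_boundary(filter_fn) -> dict:
    """Run one constructed message just below and just above the limit.

    Returns, per size, whether a <script> tag survived the filter.
    """
    marker = "<script>marker()</script>"  # constructed, harmless test marker
    survived = {}
    for label, total in (("below", SCAN_LIMIT - 1), ("above", SCAN_LIMIT + 1)):
        body = marker + " " * (total - len(marker))  # space padding, as in the diagram
        survived[label] = "<script" in filter_fn(body).lower()
    return survived


if __name__ == "__main__":
    print("fail-open  :", audit_size_boundary(filter_fail_open))
    print("fail-closed:", audit_size_boundary(filter_fail_closed))
```

A check like `audit_size_boundary` belongs in the filter's regression suite, so that any size, timeout or parse-error shortcut added later cannot silently turn into a pass-through.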

Yesterday aboutblank, a virus, got through all 5 of my filters. Was this related to the Yahoo Mail incident? Users, beware of aboutblank, it is a terrible virus. I have first-hand knowledge! I am now an aboutblank survivor!
Wish they had fixed it before my account was hacked by some jerks in Canada. I was blackmailed for $275 to return the account to me. YAHOO WOULD NOT RESPOND TO MY PLEAS FOR HELP. Instead the hacker knows that yahoo doesn’t respond and in a few hours they themselves respond representing themselves as an arm of yahoo to help me out. Referring me to a company who could recover my account. They of course were the hackers. I did get it back with a threat that the link had been traced and police should be arriving any moment.
BOOOOOO ON YAHOOOOOOOOO
my yahoo mail
khan9559@yahoo.com
is not opening. It gives again and again the message of INVALID PASSWORD, although I type the right password and also I have not changed the password.
Please help me, how can I open my Yahoo mail?
regards
jan
My Yahoo mailbox got wiped out this morning. I thought this was fixed?????
Since the new Yahoo Mail was implemented yesterday, I find I cannot really use the account at all. I can log in and view emails, but cannot delete an email, cannot send or reply, and cannot move an email from one box to another. My other email accounts are working fine. Is anyone else having this problem? Or know how to fix it? I have made no recent changes in my internet options or settings. Yahoo does not respond to my help messages.
I forgot my password
I CAN NOT DELETE ANY MAIL OUT OF MAIL BOX.
I am not able to read my mail from my computer and able to do it from another.
I cannot log in to my yahoo mail! I enter my username and password and then it “thinks” for a really long time and finally gives me the “cannot locate server” page — is there something wrong with my email? Or is there something wrong with yahoo? I haven’t been able to find a way to contact yahoo so I was hoping someone here could help! Thanks!
I have a similar problem here with Yahoo. “Invalid password” always. However, sporadically, I can log in once only from my home computer.
I am more inclined to think this is a major screw-up at Yahoo during Yahoo!Mail upgrade.
Yahoo is seriously malfunctioning. I, too, am unable to send or delete any mail. If there is anyone out there who knows how to fix this problem please leave a message explaining how to correct the problem.
I cannot log in no either. Cannot get my Yahoo ID to work. Yahoo mail gives invalid password. Just need to get in long enough to get messages, addresses and sh**can the account and go back to hotmail
I want to know the hacking password because I need it to open a box; I forgot the password. Please, I need it urgently. I guess you can help by sending the password tomorrow to my email address.
Thanks a lot
hacking
thanks
I am pleased to be on the internet.
I am unable to check my yahoo mail. After I type in the login address and the password, the browser takes me to aboutblank
My Account, yahoo ID is ( deaconblooze2000 ) Why am I not able to use My yahoo ID and/or Read My e-mail? ( I’m not able to do anything ). I have had to start a NEW Yahoo Account. At ( http://www.coldshot_07@yahoo.com ) Will You Help Me? I need the information in that account, email addresses etc.
My Yahoo account was just jacked and customer service just sends me form letters. Is there any way to find out who, or get back into your own account????
Great Design and useful information. I will be back soon!
Hi everyone A big thank you for this wonderful site, it has helped me immensely
I am unable to open Yahoo Mail. Sometimes it opens and most of the time it does not open.
Yahoo Mail opens with great difficulty. Sometimes it does not open.
I am unable to open my Yahoo ID (roja_sud@yahoo.com), though able to open Yahoo Messenger and Yahoo Photos with my ID.
As I enter my ID and password, it’s giving a “CANNOT FIND SERVER” message. Or if I open Yahoo Mail from Messenger, it’s going to the page where it asks for the profile information. I am able to open other Yahoo IDs from the same computer but unable to open the roja_sud ID.
I did not find answers for this in Help Tips. Please do help me.
I want to change my password. Please give me a reply soon, I am in difficulty.
I entered my ID and password correctly but it is showing “cannot find server”.
Hi! I am not able to open my mails. Please solve my problem.
I can’t open my e-mail on either of my sites, the sites open, but i can’t open anything or delete anything. HELP!!!!!!!!!!!!!!!
hello,
I’m unable to open my yahoo account “mca_yadav_lokesh@yahoo.co.in”, by entering right mailID and password (shows message” Invalid Id or Password”), same condition in my yahoo messenger also.
plz help me
Yahoo Mail Still Not Fixed!!!!!!!
My wife’s email account was just hijacked at Yahoo. they changed her password and sent out scam mail to her address book. I hate to say it, but Yahoo needs a wake-up call. We use our email for everything from on-line shopping to liquidation buy-outs. I would hate to have to take legal action, but Hey, that might be what it will take.
I have been using Yahoo since ’97 and have been a firm believer in their security. Was I Wrong??
Very Violated
is not opening. It gives again and again the message of INVALID PASSWORD, although I type the right password and also I have not changed the password.
Please help me, how can I open my Yahoo mail?
Same problem as abhay, I continually get the message of INVALID PASSWORD on every yahoo account I have. This stinks.
• my yahoo mail
mirthu_1@yahoo.co.in
• is not opening. It gives again and again the message of INVALID PASSWORD, although I type the right password and also I have not changed the password.
Please help me, how can I open my Yahoo mail?
regards
kalyan
not able to open my account
not able to open my account
I am entering the correct ID and password but it’s giving “invalid” and I am not able to open my mail. What to do? Please help, it’s URGENT.
Maybe this site is not for responding back, because I see no answer to the problems that have been raised???
My Yahoo ID is not open. Please open my account and send me my new password, my new mail ID
b.heart65@yahoo.com
hiii
On some systems my mail ID is opening but on some systems it is not opening. It will not give any error message but comes back to the login option. Please help me, friends. I have checked all blocking options on those systems but all are correct.
That web page is not opening, try to help it out.
When I open the inbox it is showing “the page cannot be displayed”.
Unable to open my Yahoo email accounts, both ndcalcutta@yahoo.com & ndindia1@yahoo.com. The reason shown is invalid email ID or password, but in the morning I had opened and checked both of my accounts.
hiiii
do or die
hijacking
I just can’t open my Yahoo mails, it is so frustrating.
I am unable to open my Yahoo mail ID account. Messages are being received from my above account regarding lending dollars. I think somebody has hacked my mail account and is misusing the same. Yahoo authorities are requested to take necessary action to seize the above mail ID or free the said Yahoo mail account under intimation to me on my other email -madhumishra56@yahoo.in.
The matter may be treated as most urgent from a security point of view.
RM
Can anyone please tell me how I can know at which places my Yahoo account has been opened? Can I get those IP addresses? Gmail provides this service.
If it’s co.in, it means in India
uk means Dubai
uk.london, like this, it will come when you open your ID
You tell me, when I open my Yahoo ID it’s not opening, it’s “oops, cannot be displayed”.
Please give the right answer.