Web bugs can have serious risks, especially when they fester for eight months.
When my neighbor called early Wednesday morning, she sounded close to
tears. Her Yahoo Mail account had been hijacked and used to send spam
to addresses in her contact list. Restrictions had then been placed on
her account that prevented her from e-mailing her friends to let them
know what happened.
In a blog post published
hours before my neighbor's call, researchers from security firm
Bitdefender said that the hacking campaign that targeted my neighbor's
account had been active for about a month. Even more remarkable, the
researchers said the underlying hack worked because Yahoo's developer blog runs on a version of the WordPress content management system that contained a vulnerability developers addressed more than eight months ago. My neighbor's only mistake, it seems, was clicking on a link while logged in to her Yahoo account.
For the rest of the story: http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
No comments:
Post a Comment