Slashdot Mirror


Yahoo and Hotmail Filter Flaw

gandam writes "Israeli computer security firm GreyMagic Software has detected a serious security flaw in Yahoo's Web e-mail service and Microsoft Corp.'s Hotmail service, which could allow hackers to run malicious scripts on users' computers. I tried sending a mail to my Yahoo account and it never reached my mailbox. According to the website, all attempts to contact Yahoo unfortunately failed. Mail was sent to security and secure at yahoo.com and at yahoo-inc.com. No replies were received to date. Works only in IE5, though."

4 of 250 comments

  1. Why is this news? by jrexilius · Score: 0, Redundant

    It's cool that a security firm discovered a flaw, wow, they told the affected vendors and they fixed it, wow. Now it's filtered, wow.

    So the flaw existed and, previously, IE5.5 users could have had Bad Things happen to them, however, it was a flaw in the online filtering service. We all knew IE sucks and if you are dumb enough to use it you could get compromised by any number of methods. OK, so why is this news again?

  2. IE 6 too! by sethml · Score: 0, Redundant

    The sample exploit works just fine on IE 6 too - from the article, it looks like it should work on IE 5.5 and on.

  3. Re:So what? by Coyote67 · Score: 0, Redundant

    Ok so some people take posts a little seriously. Fact is 6 is the current version of IE. If this story was about a new exploit for something OSS that affected an older no longer supported version of anything, you guys would complain to no end, saying that it's stupid to care about an exploit for something that's old and should not be used. It's the same thing this time around, except it just happens to be a MS related issue.

  4. Yahoo failure, or MS plot? by jettoblack · Score: 1, Redundant

    It's nice that MS has fixed this already... and annoying that Yahoo hasn't acknowledged it yet... but when will MS address this problem at the true source, i.e. by patching the bug in IE that allows this exploit to work? Or are they just trying to make Yahoo look bad?

    MS, having the IE and Hotmail source code, knows the exact details of the bug. By fixing it only on the Hotmail side, they've left other competing webmail providers vulnerable, who will have a hard time fixing the bug without access to the IE source code? Just a wild guess...