Slashdot Mirror


Yahoo and Hotmail Filter Flaw

gandam writes "Israeli computer security firm GreyMagic Software has detected a serious security flaw in Yahoo's Web e-mail service and Microsoft Corp.'s Hotmail service, which could allow hackers to run malicious scripts on users' computers. I tried sending a mail to my Yahoo account and it never reached my mailbox. According to the website, all attempts to contact Yahoo unfortunately failed. Mail was sent to security and secure at yahoo.com and at yahoo-inc.com. No replies were received to date. Works only in IE5, though."

8 of 250 comments

  1. Works only in IE5, though? by slycer9 · · Score: 5, Funny

    Surely that's gotta be wrong! A security hole in IE???
    No freakin' WAY!?

    --
    Don't park drunk, accidents cause people.
    1. Re:Works only in IE5, though? by xpl_the_myst · · Score: 5, Informative
      And this is the reason it works only in IE5. Non-standard methods:

      However, Hotmail completely filters out that element, so another method of namespace declaration is needed. It so happens that Internet Explorer provides one other mechanism to declare a namespace, via the non-standard <?xml:namespace> processing instruction, which may be used anywhere in the document and does not get filtered.

      --
      This sig is empty.
    2. Re:Works only in IE5, though? by NickFitz · · Score: 5, Informative

      I just tried it on IE6, and it works there too - should have said "IE5 upwards", I suppose.

      (For those who don't know, MS's versioning is so bizarre that IE5 and IE5.5 are different in more than minor version number, while IE6 is pretty much IE5.5.1. No, I don't understand either; but I'm always glad of a reminder of why I use a Mac these days :-)

      --
      Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
  2. Attacking my Hotmail Account by Kjuib · · Score: 5, Funny

    If they are going to attack my Hotmail Account they are up for a fight! Pr0n and Viagra have a firm hold, and it is going to take a lot to beat them to my Inbox.

    --
    - Your stupidity got you into this mess, why can't it get you out? -Will Rogers
  3. Re:Hotmail evidently fixed by Call+Me+Black+Cloud · · Score: 5, Insightful

    Yes, Hotmail was fixed in less than 2 days. That's impressive. You won't hear much about it because it's Microsoft. If Hotmail was open source you'd be reading posts trumpeting the superior open source development model. "See how we joined hands and overcame the problem quickly!"

    Well, all I can say is: See how Microsoft worked with a (foreign) company and fixed the problem less than 2 days after hearing about it. This company is clearly focused on security.

  4. Not only IE5 by Anonymous Coward · · Score: 5, Informative

    The reporter has it wrong.

    ALL versions of IE *since* 5 contain this feature, which means that if there's a flaw in the filtering mechanism of the web-based email provider, script will run.

    Yep, IE5, IE5.5 and IE6.
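
The filter gap quoted in xpl_the_myst's comment (the `<html>` element is stripped but the `<?xml:namespace>` processing instruction is not) and the point above about provider-side filtering, as an added example that is not part of the thread and is not GreyMagic's, Hotmail's or Yahoo's code. It contrasts a blocklist filter with an allowlist sanitizer built on Python's `html.parser`; the tag policy, function names and sample message are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Assumed mail-rendering policy (hypothetical, not any provider's real one).
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_HREF = re.compile(r"^(https?|mailto):", re.I)

def blocklist_filter(markup):
    """Weak 'before' filter: strips only the <html> element's tags."""
    return re.sub(r"</?html\b[^>]*>", "", markup, flags=re.I)

class AllowlistSanitizer(HTMLParser):
    """Re-emits allowlisted tags only; records everything it drops."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:      # rejects any prefix:name element too
            self.dropped.append("tag:" + tag)
            return
        kept = [(k, v) for k, v in attrs
                if k in ALLOWED_ATTRS.get(tag, ()) and v and SAFE_HREF.match(v)]
        attr_text = "".join(' %s="%s"' % (k, html.escape(v)) for k, v in kept)
        self.out.append("<%s%s>" % (tag, attr_text))

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(html.escape(data))

    def handle_pi(self, data):           # <?xml:namespace ...> arrives here
        self.dropped.append("pi:" + (data.split() or [""])[0])

def sanitize(markup):
    """Return (clean_markup, dropped_items) for one message body."""
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.dropped

# Constructed sample: a namespace declared on <html> and again via the PI.
SAMPLE = ('<html xmlns:t="urn:example"><?xml:namespace prefix="t"?>'
          '<p>Hello <t:widget>there</t:widget></p></html>')
```

`blocklist_filter(SAMPLE)` still contains the processing instruction and the prefixed element, while `sanitize(SAMPLE)` returns only the `<p>` markup plus a list of dropped items that can be logged for detection.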

  5. Myway uses adware. by Azureflare · · Score: 5, Informative
    I just did a google search and came up with this: MyWay Speedbar

    Sorry, but I'm not willing to get email with a service that supports the use of adware/scumware.

  6. Re:IE vs. Open Systems and Standards by mek2600 · · Score: 5, Funny

    Well, like most /. folk, I'm using Firefox on BSD on an SPARC.

    Man, I didn't realize I was so lame. I didn't know most people on /. used SPARCs.