Netcraft reported an ongoing exploit of XSS vulnerability in Yahoo HotJobs site. The attackers have been using an obfuscated JavaScript to steal session cookies of victims, which were in turn sent to a server in the US.
The stolen cookie was a yahoo-wide cookie and therefore by stealing it the hackers could gain control of every service accessible to the victim within Yahoo, including Yahoo! Mail.
Netcraft identified the issue by observing irregular activity by its toolbar users and Yahoo! fixed the vulnerability short after, on Oct 28th.
Latest Stories
- WAFs are not perfect, but is any security tool perfect? (Feb 9th 2010)
- Forrester estimates the WAF market to be $220M in 2010 (Feb 9th 2010)
- ModSecurity exceptions for TYPO3 (Jan 20th 2010)
- Presentation about WAFs in the cloud (Jan 15th 2010)
- The curse of PCI for WAFs (Jan 11th 2010)
- A New Year, a New Acronym (Jan 9th 2010)
- A Remote Command Injection Vulnerability Applicure's dotDefender Site Management. (Dec 10th 2009)
Navigation
Subscribe:
Xiom is the place to find information about Web Application Firewalls (WAFs) including reviews, analysis, announcements and research. Tune to the RSS channel to get every bit of information or subscribe to the newsletter to receive only in depth articles.
Xiom also leasd and hosts the Web Hacking Incidents Database, a Web Application Security Consortium project aimed at maintaining a list of web applications related security incidents.
Xiom is a community web site lead by Ofer Shezaf.