October 23, 2014

Yahoo! Mail Reinforces JavaScript Filters to Defend Against Cross-site Scripting Attacks

(LiveHacking.Com) – Researchers at Trend Micro discovered a potential vulnerability in Yahoo! Mail. They found emails sent to Yahoo! addresses that contained JavaScript in the From: field, which attempted to launch a Document Object Model (DOM)-based cross-site scripting attack. Although the Trend Micro researchers were unable to replicate the attack, they contacted Yahoo!, which in response has strengthened the filters that sanitize user emails in order to protect against these kinds of JavaScript attacks.
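To illustrate why a sender header needs the same sanitizing as a message body, the following added example (not Yahoo!'s filter and not Trend Micro's code) renders a From: value into HTML the weak way and the hardened way, and flags sender names that carry markup. It runs outside a browser, so output encoding stands in for assigning the value through `textContent` in DOM code. The function names and the sample header are hypothetical and constructed for illustration.

```javascript
// Added example: escapeHtml, parseFrom, renderFromUnsafe and renderFromSafe
// are hypothetical names, not taken from any webmail product.

// Encode the five characters that can change HTML parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Split a From: value into display name and address. The address is the
// last <...> group; everything before it is untrusted display text.
function parseFrom(header) {
  const m = /^(.*)<([^<>]*)>\s*$/s.exec(header);
  const display = (m ? m[1] : '').trim().replace(/^"(.*)"$/s, '$1');
  const address = (m ? m[2] : header).trim();
  // Conservative address check; anything else is treated as invalid.
  const validAddress = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(address);
  // Markup characters in a sender name are worth logging for triage.
  const suspicious = /[<>]/.test(display) || !validAddress;
  return { display, address, validAddress, suspicious };
}

// Weak pattern: header text concatenated straight into markup.
function renderFromUnsafe(header) {
  const { display, address } = parseFrom(header);
  return '<span class="from">' + display + ' (' + address + ')</span>';
}

// Hardened pattern: every untrusted field is encoded before insertion.
function renderFromSafe(header) {
  const { display, address, validAddress } = parseFrom(header);
  const shown = validAddress ? address : 'invalid address';
  return '<span class="from">' + escapeHtml(display) + ' (' + escapeHtml(shown) + ')</span>';
}

// Constructed sample header, not taken from the reported emails.
const SAMPLE_FROM = '"Billing <img src=x onerror=alert(1)>" <billing@example.com>';
```
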

Such attacks are not uncommon, and in the past successful webmail attacks have targeted accounts owned by journalists and political activists. Normally, when an account is compromised the victim is unaware, which is exactly what the attackers want, as they can steal the messages and launch further attacks against the victim’s contacts, all without detection.

Webmail is but one example of a cloud-based service that is potentially vulnerable to outside attack. As the use of cloud-based services (including free webmail, free cloud storage space and social networking) increases, so does their attraction to attackers.
