Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [Argeniss] Alert - Yahoo! Webmail XSS
From: "Neil Davis" <rg.viza () gmail com>
Date: Tue, 18 Apr 2006 18:53:22 -0400

whether any of us, people who read full disclosure, and may even be
security researchers, would fall for a yahoo phish, or need to log
into yahoo, is irrelevant. The fact is that yahoo mail is vulnerable
to XSS, and less savvy users could be exploited.

Yahoo, along with all websites that accept user input, should filter
their input... it's the right thing to do, since it increases security
and prevents users from being exploited with XSS.

Depending on the user to not allow himself to be exploited is how bad
security habits are born.

If you are like me and are constantly deleting cookies (using the
mozilla extension "clear data", because I test a lot and this requires
me to delete cookies a lot) you'd have to log in every time you use
any site.

Yahoo is vulnerable to XSS attacks, so they should fix their site, period.



On 4/18/06, Morning Wood <se_cur_ity () hotmail com> wrote:
Yahoo! Mail once in a while will ask you
to re login again so it's not so anormal.

I use Yahoo Mail, I have never once had to re-login in 4 years.

dunno...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]