Yahoo Mail users are being warned that a two-year-old hole in the service could be allowing hackers to gain easy access to their accounts, according to new reports.
Ryan Barnett, director of application security research at Breach Security, said the problem stems from a web application which automates the log-in procedure for the popular webmail service, according to a report in The Register.
However, this web app crucially fails to adhere to the same security checks normally followed by the usual log-in page, enabling "some sort of water tunnel that the bad guys are walking right through", Barnett is quoted as saying.
Hackers are therefore using the insecure web app to carry out brute-force attacks on user passwords, a process whereby they try all possible combinations of letters and numbers in order to crack the password and gain entry to the account.
Other security experts are reported as saying that this new revelation confirms what many have suspected for a while: that back-end applications are a key factor in the increasing success of account hijacking cases targeting all social networks and portal sites.
Once hacked, the accounts can be used to send out spam and malware, aiding the hackers' cause, because such messages stand a better chance of bypassing traditional filters than ordinary spam.
Hackers may also choose to use the account details to try and access banking or other more lucrative accounts, as many people use the same or similar passwords on multiple accounts.
Yahoo is understood to be investigating the vulnerability.