[kwlug-disc] OT: Hotmail/Yahoo account breakins
jvj at golden.net
jvj at golden.net
Thu Feb 14 15:20:15 EST 2013
This comes from a [fuzzy] recollection of a discussion with a co-worker
a few years ago.
It seems the fellow had his Gmail open in one browser session when he
clicked on a link somewhere that invoked malware that a) saw his gmail
session and b) captured his gmail contact list. Afterwards, people on
his contact list were spammed.
I would suspect that there are similar exploits for hotmail, yahoo and
other cloud based services.
jsquared
On Wed, 13 Feb 2013 22:37:54 -0500, Paul Nijjar <paul_nijjar at yahoo.ca>
wrote:
< ... snip ... >
> If anybody has other stories (or better yet information that goes
> beyond speculation) then I am very interested.
>
> - Paul
>
> On Wed, Feb 13, 2013 at 09:13:02PM -0500, Bob Jonkman wrote:
>>
>> There are also known Cross-Site Scripting attacks that can steal
>> session
>> cookies and IDs if the browser is already logged into Yahoo:
>>
>> https://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/
< ... snip ... >
More information about the kwlug-disc
mailing list