This is how your Yahoo account can be hacked

By exploiting a feature on Yahoo’s developer network, it is possible for hackers to gain access to a user’s Yahoo account by creating a web page with malicious code. If a user visits the malicious page, the hacker can access e-mail, contacts and other collected information.

The security hole was discovered by independent security researcher Sergiu Dragos Bogdan, who demonstrated at the Defcamp security conference in Romania on Sunday how an attack could be carried out.

In his presentation, he demonstrated how Yahoo’s web-based YQL (Yahoo Query Language) console can be used for the attack. By inserting special YQL code into an external web page, it is possible for a hacker to take control of a user’s Yahoo account.

YQL is Yahoo’s own programming language that resembles the database language SQL. It can be used to manage data in Yahoo’s own databases.

Sergiu Dragos Bogdan states that he will share his findings with Yahoo and that it is quite easy to prevent attacks of this type. Yahoo has not yet commented on the security hole.

IDG News

