Open Source and information security mailing list archives
 
Message-ID: <4b6ee931040928100148a9c962@mail.gmail.com>
From: xploitable at gmail.com (xploitable)
Subject: Yahoo! Spam Filter Vulnerability

Yahoo! Tuesday made public a preview of its coming new and improved homepage.

A link from Yahoo!'s homepage takes you to
http://www.yahoo.com/promos/learn.html, where users can learn more
about the new and improved functionality.

On the learn.html page is a link
http://promotions.yahoo.com/frontpage_04/ud/fp2_taf.html to invite
friends or co-workers to view the New and Improved Homepage.

This feature allows anyone to spam the Yahoo! Mail servers. Consumer
or Corporate mailboxes will be flooded with repeated invites, if a
malicious user codes a simple program to do so.

All spammed invites do not go to the bulk folder as they should; they
arrive in the inbox, as repeated invites.

This allows a malicious user to quickly bring Yahoo! Mail network to
a crawl and fill up a victim's storage space very, very quickly.

Yahoo! were notified of a similar vulnerability for its Yahoo! Mail
spam filters earlier this year with regard to its invite feature, on
the Yahoo! Messenger 6 IM client; it seems Yahoo! do not learn from
past mistakes.

For this current vulnerability, the vendor has not been contacted.

Happy Yahoo! Mail flooding.

Discovered today by n3td3v

-- 
http://www.geocities.com/n3td3v - Yahoo! Security Forum *Online*.

