| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <91420b640604181553s19fb196ag9339f68717dbe697@mail.gmail.com> Date: Tue Apr 18 23:53:29 2006 From: rg.viza at gmail.com (Neil Davis) Subject: [Argeniss] Alert - Yahoo! Webmail XSS whether any of us, people who read full disclosure, and may even be security researchers, would fall for a yahoo phish, or need to log into yahoo, is irrelevant. The fact is that yahoo mail is vulnerable to XSS, and less savvy users could be exploited. Yahoo, along with all websites that accept user input, should filter their input... it's the right thing to do, since it increases security and prevents users from being exploited with XSS. Depending on the user to not allow himself to be exploited is how bad security habits are born. If you are like me and are constantly deleting cookies (using the mozilla extension "clear data", because I test a lot and this requires me to delete cookies a lot) you'd have to log in every time you use any site. Yahoo is vulnerable to XSS attacks, so they should fix their site, period. On 4/18/06, Morning Wood <se_cur_ity@...mail.com> wrote: > > Yahoo! Mail once in a while will ask you > > to re login again so it's not so anormal. > > I use Yahoo Mail, I have never once had to re-login in 4 years. > > dunno... > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists