Bug Hunter Finds 'Blended Threat' Targeting Yahoo Web Site

A Romanian bug hunter has discovered a "blended threat" targeting Yahoo's Developer Network Web site that allows unauthorized access to Yahoo users' emails and private profile data.

At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQL console on developer.yahoo.com. Yahoo Query Language is the company's proprietary programming language and is used to test queries against Yahoo databases. Authenticated users can also access tables with their own Yahoo account data, such as e-mails and profile data, to mount queries.

According to Computerworld, Bogdan showed how an attacker could abuse

What the influencers are saying

  1. Jeremiah Grossman

    195.0 days ago

    "made it appear as if the crumb displayed in the iframe was actually the CAPTCHA challenge the user had to input" http://t.co/2QSuk5e4

  2. Threatpost

    195.0 days ago

    Bug Hunter Finds 'Blended Threat' Targeting @Yahoo Web Site - http://t.co/o3QIzTFA


