tagged w/ Javascript
-
Yahoo has closed a gaping hole that attackers were exploiting to gain access to victims' Yahoo Mail accounts and other restricted areas of site.
The cross site scripting error in the hotjobs.yahoo.com domain allowed the attackers to inject cleverly obfuscated javascript into the page that silently siphoned the cookies used to authenticate Yahoo users when they log in to sections of the portal that require a password. Armed with the cookies, attackers were then given broad control over the victim's Yahoo account, including Yahoo Email and any other service that uses authentication cookies belonging to the yahoo.com domain.
"I guess the beautiful bit about it from an attacker's viewpoint is quite a lot of people would be unaware of what's happened" after accessing a booby-trapped hotjobs URL, said Paul Mutton, an internet services developer for Netcraft who helped discover the exploit. "Not many people will think of changing their password after that happens."
more...Yahoo has closed a gaping hole that attackers were exploiting to gain access to... more
-
-
Here is the collection of top 9 modal dialogs javascripts to display modal dialogs. These scripts have gained widespread popularity due to its simple yet elegant style and easy implementation.Here is the collection of top 9 modal dialogs javascripts to display modal dialogs.... more
-
