Bountiful! Yahoo! Plugs! Mail! Spoofing! Bug! Yahoo! has plugged a sender spoofing bug in its mail service turned up by independent researcher Lawrence Amer. The medium-rated bug in the compose message module allowed attackers to spoof Yahoo! e-mail sender names in the company's classic Web interface. Since patched, the bug allowed an attacker to edit the sender name in …
You may joke but Yahoo does enjoy a curious level of popularity in some countries. I usually do not stumble across too many users on "yahoo.com" addresses but I see plenty with country-specific TLD's (such as yahoo.co.uk and yahoo.co.jp). And actually, while we're on the topic of Japan, Yahoo Auctions is ridiculously popular over there. Even more-so than eBay.
It might even make Yahoo mail worth using
Hell no. That there is such a stunningly basic flaw in its processes suggest there is probably more. At least it explains some of the spam some people have told me about that they appear to have sent without knowing how. There is no trace of it in their "Sent" folder, yet headers show it to originate from Yahoo.
We solved it in an easier way: got a domain name and a decent email provider, and removed Yahoo from the system.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
