back to article Bountiful! Yahoo! Plugs! Mail! Spoofing! Bug!

Yahoo! has plugged a sender spoofing bug in its mail service turned up by independent researcher Lawrence Amer. The medium-rated bug in the compose message module allowed attackers to spoof Yahoo! e-mail sender names in the company's classic Web interface. Since patched, the bug allowed an attacker to edit the sender name in …

  1. cortland

    That might be worth

    ... a Nobel Peace Prize. It might even make Yahoo mail worth using.

    1. Aniya
      Facepalm

      Re: That might be worth

      You may joke but Yahoo does enjoy a curious level of popularity in some countries. I usually do not stumble across too many users on "yahoo.com" addresses but I see plenty with country-specific TLD's (such as yahoo.co.uk and yahoo.co.jp). And actually, while we're on the topic of Japan, Yahoo Auctions is ridiculously popular over there. Even more-so than eBay.

    2. Anonymous Coward
      Anonymous Coward

      Re: That might be worth

      It might even make Yahoo mail worth using

      Hell no. That there is such a stunningly basic flaw in its processes suggest there is probably more. At least it explains some of the spam some people have told me about that they appear to have sent without knowing how. There is no trace of it in their "Sent" folder, yet headers show it to originate from Yahoo.

      We solved it in an easier way: got a domain name and a decent email provider, and removed Yahoo from the system.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like