[kwlug-disc] OT: Hotmail/Yahoo account breakins

jvj at golden.net jvj at golden.net
Thu Feb 14 15:20:15 EST 2013

 This comes from a [fuzzy] recollection of a discussion with a co-worker 
 a few years ago.

 It seems the fellow had his Gmail open in one browser session when he 
 clicked on a link somewhere that invoked malware that a) saw his gmail 
 session and b) captured his gmail contact list. Afterwards, people on 
 his contact list were spammed.

 I would suspect that there are similar exploits for hotmail, yahoo and 
 other cloud based services.


 On Wed, 13 Feb 2013 22:37:54 -0500, Paul Nijjar <paul_nijjar at yahoo.ca> 
 < ... snip ... >
> If anybody has other stories (or better yet information that goes
> beyond speculation) then I am very interested.
> - Paul
> On Wed, Feb 13, 2013 at 09:13:02PM -0500, Bob Jonkman wrote:
>> There are also known Cross-Site Scripting attacks that can steal 
>> session
>> cookies and IDs if the browser is already logged into Yahoo:
>> https://krebsonsecurity.com/2012/11/yahoo-email-stealing-exploit-fetches-700/
 < ... snip ... >

More information about the kwlug-disc mailing list