[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 23/04/13 16:08, Martijn Grooten wrote: > > And the login took > place from Bangladesh, which is known to be the world's capital of > sweatshops full of CAPTCHA crackers. The other accesses I've seen were from Brazil and America amongst others, so I think all you can say confidently is bots exist in Banglasdesh as well. I doubt they are using bots for some, and their own IPs for others, the bad guys are more organized than that. My guess is it is automated exploit using stolen or guessed credentials. Looking at the Yahoo cookie handling, it doesn't look too sophisticated, so if you browse another website with the cookie still in your cookie jar and Yahoo have another XSS vulnerability somewhere in their domain (likely)... I kill cookies on exiting the browser - bit of a pain - and sometimes my browser sessions last weeks at a time so probably doesn't buy me much. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq