[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Yahoo, was: Web based emails

To: DCLUG ML <list@xxxxxxxxxxxxx>
Subject: Re: [LUG] Yahoo, was: Web based emails
From: Simon Waters <simon@xxxxxxxxxxxxxx>
Date: Sat, 24 Oct 2015 22:06:14 +0300
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1444208763; h=Sender:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:References:In-Reply-To:Message-ID:Date:MIME-Version:To:From; bh=BGS3yCKvCnAbuneopjrMU4rPjREAyQ2hKTIqIQrlUis=; b=hOGzekNvJrmf6iCw2HPiFbgZti7sAwC9vg8nTFkTVKsSXorgcHV7yTHD28RkQjEEnzsEDHQaK6i3fVPNJHHLp3JTwi5T3E00oAayldoV6QBJe7QSmJ5Xdjgvhr0KFTNbkxCa3v5nCMV+U1EKTKiSsdGb798M9QxYEY+B9Gt1JQ4=;

One of the Yahoo email API issues was exploited by attackers using the index of address book contacts. So the address book wasn't directly leaked but they were still able to enumerate how many contacts you had and use them to add the element of "from someone I know" to the dodgy emails they sent.

E.g

Email this to address book entry 1, cc 2,3,4

But yes I still get emails from random sending addresses showing that friends Yahoo address book were exposed in some way in the past. There was a spate a few months back of one line emails from Yahoo again, but they seem to have cleaned it up again.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] Yahoo, was: Web based emails
- From: Martijn Grooten

References:
- [LUG] Web based emails
  - From: Neil Winchurst
- Re: [LUG] Yahoo, was: Web based emails
  - From: lug
- Re: [LUG] Yahoo, was: Web based emails
  - From: Adrian Midgley

Prev by Date: Re: [LUG] Identifying encrypted files.
Next by Date: Re: [LUG] Web based emails
Previous by thread: Re: [LUG] Yahoo, was: Web based emails
Next by thread: Re: [LUG] Yahoo, was: Web based emails
Index(es):
- Date
- Thread