WIRED Security Latest

Silicon Valley & Technology - Voice of America

InfoWorld Security

The Register - Security

IEEE Spectrum Computing Channel

Cyberlaw - Stanford Center for Internet and Society

Help Net Security - News

Nov 23, 2012

Yahoo Email-Stealing Exploit Fetches $700

Brian Krebs

Yahoo Email-Stealing Exploit Fetches $700

A zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious Web sites offers a fascinating glimpse into the underground market for large-scale exploits.
The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users. Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

Read more ..
Yahoo Email-Stealing Exploit Fetches $700

IEEE Annals of the History of Computing

Here's a phish you might not spot - 60 Sec Security

Hackaday Blog

Biggest Information Security and Cybersecurity Misconceptions

Computer History Museum Videos

Slashdot: Your Rights Online

Public Key Cryptography: Diffie-Hellman Key Exchange

ComputerWeekly.com - When IT Meets Politics

Nextgov.com News Articles

Electronic Privacy Information Center

SecurityWeek

European Public Policy Blog