Breaking News: Yahoo has just released a security patch for a serious bug that allowed hackers to read any email

Yahoo has just issued a security patch for a highly critical XSS (cross-site scripting) vulnerability in its users’ email system that allowed hackers to read the contents of any email.

Who discovered this security flaw?

Jouko Pynnonen, a famous cyber-security researcher living in Finland, first discovered this serious issue and reported it to Yahoo. Pynnonen also reported a serious bug in Yahoo last year that allowed hackers to hack any user’s account by using an XSS (cross-site scripting) vulnerability. He was also awarded $10,000 by Yahoo’s bug bounty program on HackerOne.

How does this bug work?

Jouko Pynnonen has posted an article on his personal blog about how the bug works. He said that the bug existed in the email’s HTML filtering.
Jouko sent an email with various sorts of attachments in order to inspect the raw HTML (HyperText Markup Language) code of that email. However, Yahoo has protection in its filtering process that blocks malicious code in HTML emails of this type.

But Jouko succeeded in bypassing this filtering process by sending a YouTube link in that email, which allowed him to execute JavaScript code. After executing this malicious JavaScript, he was finally able to read the victim’s email.

According to his statement:

“As long as the URL pointed to a white-listed website such as YouTube, it was not further sanity checked or encoded,” writes Pynnonen.
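
The failure mode in that quote, an allow-list check that is not followed by output encoding, shown as an added example that is not Yahoo's code or Pynnonen's. The allow-list, the function names and the card markup are assumptions chosen for illustration, and the sample input is constructed.

```javascript
// Added example: a hypothetical link-card renderer, not Yahoo's filter code.
// The host allow-list, function names and card markup are assumptions.
const ALLOWED_HOSTS = new Set(["www.youtube.com", "youtu.be"]);

// Allow-list check: https only, exact host match.
function isAllowedUrl(raw) {
  try {
    const u = new URL(raw);
    return u.protocol === "https:" && ALLOWED_HOSTS.has(u.hostname);
  } catch {
    return false; // not a parseable absolute URL
  }
}

// Encode every character that can end or alter a quoted HTML attribute.
function escapeAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Weak: trusts the allow-list result and copies the raw string into markup.
function renderCardWeak(raw) {
  if (!isAllowedUrl(raw)) return "";
  return `<div class="card" data-url="${raw}"></div>`;
}

// Hardened: same allow-list, but the value is re-serialised by the URL
// parser and attribute-encoded before it reaches the markup.
function renderCardSafe(raw) {
  if (!isAllowedUrl(raw)) return "";
  return `<div class="card" data-url="${escapeAttr(new URL(raw).href)}"></div>`;
}

// Number of raw double quotes; the intended card has exactly four.
function quoteCount(html) {
  return (html.match(/"/g) || []).length;
}

// Constructed input: allow-listed host, but the query string carries a quote.
const SAMPLE = 'https://www.youtube.com/watch?v=x" data-injected="1';

console.log(renderCardWeak(SAMPLE)); // attribute boundary broken by the raw quote
console.log(renderCardSafe(SAMPLE)); // value stays inside data-url
```

Both renderers accept the sample because its host is on the allow-list; only the encoding step keeps the value from escaping its attribute.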

I’m still a Yahoo user. What can I do now to get rid of it?

Do not be scared. Yahoo has already fixed this dangerous flaw.

