RealTime IT News

Yahoo Moves Quickly To Plug Phishing Hole

A security researcher is alleging that Yahoo  was at risk from a pair of critical phishing and redirection vulnerabilities. One of them may well still be open too.

Security Researcher Aditya K Sood posted a security advisory on a public mailing list explaining that, " a severe redirection and phishing vulnerability have been found in Yahoo Network."

According to Sood, the vulnerability could have allowed certain specific URLs linked on the Yahoo network websites to be manipulated to redirect traffic for a malicious purpose like phishing .

Sood alleged that the whole Yahoo network was vulnerable to this type of attack. The researcher does however claim that the issue was reported and patched by Yahoo within 24 hours.

There is a second phishing issue that Sood has also reported which has not yet been fixed by Yahoo. Sood alleged that the second issue is specific to the Yahoo Search core network.

"The links provide for the search to next page can be manipulated by the phishers to redirect traffic and use yahoo search engine for phishing," Sood states in the advisory. "The vulnerability affects the yahoo search engine at full."

Yahoo spokesperson Meagan Busath confirmed to internetnews.com that Yahoo is aware of the issue.

"Yahoo takes security seriously and consistently employs measures to help protect our users," Busath said in an email to internetnews.com. "We are aware of this particular issue as it relates to the broader industry wide issue of phishing, and are working towards a fix."

Busath advised that for user, awareness is a key defense. To that end, she said Yahoo's Security Center can be a big help.

"Yahoo has made it a priority to help educate consumers so that they are empowered to protect themselves online," Busath noted.