A new exploit being sold for $700 may put tens of millions of Yahoo Mail users at risk. Once victims click on a malicious email link, the exploit allows an attacker to steal and replace tracking cookies, while remotely controlling the victims’ browsing sessions. “After the victim clicks the link, he will be redirected to the email page again,” a demonstration video for the hack explained. “And you can redirect him to wherever you want.” According to Yahoo, fixing the exploit won’t be nearly as difficult as finding it. That’s because it’s an XSS flaw set off by a URL, a hole that can easily be patched, but hard to locate. Read the full story at Mashable.
About Shelly Palmer
Shelly Palmer is the Professor of Advanced Media in Residence at Syracuse University’s S.I. Newhouse School of Public Communications and CEO of The Palmer Group, a consulting practice that helps Fortune 500 companies with technology, media and marketing. Named LinkedIn’s “Top Voice in Technology,” he covers tech and business for Good Day New York, is a regular commentator on CNN and writes a popular daily business blog. He's a bestselling author, and the creator of the popular, free online course, Generative AI for Execs. Follow @shellypalmer or visit shellypalmer.com.