iTWire - Yahoo plugs email hole but web services issue highlighted

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Yahoo plugs email hole but web services issue highlighted

Yahoo plugs email hole but web services issue highlighted

E-mail

by Stan Beer
Thursday, 15 June 2006
The world's 200 million or so Yahoo email users can breathe a little easier today because the global internet company says it has plugged a potentially dangerous hole in its system that allowed a dangerous JavaScript worm to infect email users' computers. The vulnerability enabled the worm, called Yamanner to infect a computer and proliferate via its email address book to other Yahoo Mail users merely by opening the email message. Yamanner exploits a vulnerability that enables scripts embedded in HTML e-mails to be run by the user's browser. Yahoo Mail normally blocks JavaScript programs but there was one script it allowed which concerned uploading images in emails to the server. Yamanner substituted its own JavaScript code for the image handling script. The Yahoo Mail vulnerability and its relation to JavaScript has raised the issue over security related to the provision of web services that use JavaScript. Yahoo, Google and other companies have already released products to the market based on the current web services technology flavour of the month AJAX (Asynchronous JavaScript And XML). Google Calendar and Google Spreadsheet are the latest examples. More such online web services are in the pipeline. According to a report in Information Week, the proliferation of AJAX in online applications could provide fertile ground for hackers because a JavaScript application is very difficult to protect. For users interested in downloading the plethora of free online applications now on offer from internet companies, the news that many the applications may not be safe will be discomforting. The Yahoo incident demonstrated that it is possible for hackers to replace a resident JavaScript program with another malicious JavaScript program which in turn can launch a rogue website. If nothing else, this could well put a significant kink in the best laid plans of the providers of web services. {moscomment} Tags See All Tags Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

NETSUITE ANNOUNCES Q3 09 RESULTS

AVG (AU/NZ) Wins Computer Troubleshooters Vendor of the Year Award for the Second Year

Mobile & Wireless VoIP on the Apple iPhone

AVG (AU/NZ) Growing Fast in an Economy Looking for Security

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Business & IT Transformation Roles

Systems Analysts	Business Process Analysts
Test Analysts	Business Analysts
Business Readiness Analysts

Project C

stats for wordpress

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking