Yahoo Mail Again Secure

For those like myself who use Yahoo's online mail service everyday, the recent announcement that a security leak has been rectified is welcome news.

A few problems have arisen this summer, including a Javascript flaw featuring the Yammaner worm with the ability to attack all versions of Yahoo web-based mail except for the most recent (Summer 2006) version of the program. News of the threat was first reported in mid-June, but the most serious attacks appear to be from threats arising earlier this month.

Emerging in Late July, Yahoo mail users were susceptible to an attacker with the potential to hijack an account through the opening of certain, mischievous attachments. Representatives told the media that "Online security issues are taken very seriously at Yahoo. We developed a fix for this bug and deployed it last week." (Source: news.com)

Yahoo mail contains a standard security measure, according to sources the flaw allowed an attacker to bypass these boundaries. Although the Javascript time-bomb was always associated with mail including attachments, the flaw allowed the attacker to hijack a system if the user simply opened the message, and not necessarily the accompanying file. That kind of threat is both new and alarming. (Source: computerworld.com)

Despite the immensely mischievous potential of the flaw, Yahoo claims that no one was attacked before the fix could be implemented. However, as a regular user of a Yahoo account (who frequently receives junk emails), the threat is particularly troubling.