Security Basics mailing list archives
RE: Yahoo Webmail Sessions
From: "Randy Williams" <randyw () techsource com>
Date: Tue, 18 May 2004 17:11:12 -0400
Howdy all, I'll volunteer something that may be of value: If you log into the "secure" session offered by Yahoo!, shouldn't that encrypt the password and help protect the session? Please correct me if I'm chasing rabbits... RandyW -----Original Message----- From: Rohit [mailto:rohits79 () yahoo com] Sent: Tuesday, May 18, 2004 1:16 AM To: security-basics () securityfocus com Subject: Yahoo Webmail Sessions Hi All!!!, This is the third time I saw some one else's inbox i.e Yahoo Webmail, being opened right after signing in with my credentials. After typing in the credentials, I get an entirely new session. Further if I try to click open "Check mail" I get an - "invalid mailbox state" error. I am using mozilla firefox browser(on win2k) and am behind squid. Similarly in my last company ditto phenomenon occured ( but only once) using ISA proxy server (ISA plugin). Am I being sniffed etc ... Please can anyone give any pointers how this can happen and how can I avoid my session being hijacked to others similarly. Thanks rohit __________________________________ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Yahoo Webmail Sessions Rohit (May 18)
- RE: Yahoo Webmail Sessions Randy Williams (May 19)
- RE: Yahoo Webmail Sessions Rohit (May 20)
- Re: Yahoo Webmail Sessions Paul Kurczaba (May 21)
- RE: Yahoo Webmail Sessions Randy Williams (May 19)