YAHOO! users being targeted by HACKER
FreeRepublic Exclusive | Oct. 29, 2003 | Johnathan R. Galt
Posted on 10/29/2003 2:52:39 PM PST by JohnathanRGalt
To: JohnathanRGalt
Has this exploit been confirmed on all browsers, or is only Microsoft's Internet Explorer (IE) vulnerable? Do tell...
2 posted on 10/29/2003 2:58:27 PM PST by Prime Choice
(I want to be immortal. Then I'll never have to vote Democrat.)
To: JohnathanRGalt
I never click on those links anyway. Just tells them they have an active email account. Thanks for the warning. I have a yahoo account I use.
3 posted on 10/29/2003 3:00:55 PM PST by .38sw
To: JohnathanRGalt
Aha! That is why my yahoo e-mail sucks and my hard drive was acting funky. Do you know a way out of this mess?
To: JohnathanRGalt
Yet another reason to not use Outlook, IE, or Windows. This isn't affecting any Yahoo users on Macs or Linux boxes...
5 posted on 10/29/2003 3:07:07 PM PST by Doug Loss
To: Doug Loss
Do you know this for a fact?
6 posted on 10/29/2003 3:10:33 PM PST by John W
To: John W
From the article: "Clicking on such a link triggers the well-known HTML overflow exploit, thereby crashing the user's computer and perhaps messing up the data on his hard drive."
This is a Windows-only exploit; it doesn't affect non-Windows systems.
7 posted on 10/29/2003 3:25:10 PM PST by Doug Loss
To: JohnathanRGalt
SpamGuard has been improved just today, by my reckoning. You can report a message as spam and delete it with one click. I have been doing so. ZAPZAPZAP!!!
Death to Spam!
8 posted on 10/29/2003 3:28:39 PM PST by Ronin
(Qui docet discit!)
To: JohnathanRGalt
Thanks for the information. I was wondering why I have had so many more spam messages making their way into my Yahoo mail box lately. I never open mail I don't recognize and just trash it, but I took a look at what was in my trash folder and was surprised at how many seem to fit exactly the pattern you described.
9 posted on 10/29/2003 3:46:18 PM PST by Flying Circus
(As you do pray, so you do believe)
To: Ronin
"SpamGuard has been improved just today, by my reckoning. You can report a message as spam and delete it with one click. I have been doing so. ZAPZAPZAP!!!"
and a different looking spam is sent next time -- and is delivered right to my inbox. SpamGuard fails to recognize it.
10 posted on 10/29/2003 5:33:15 PM PST by JohnathanRGalt
(---- Fight Islamist CyberTerror at: http://haganah.org.il/haganah/index.php ----)
To: Prime Choice
"Has this exploit been confirmed on all browsers, or is only Microsoft's Internet Explorer (IE) vulnerable? Do tell..."
It's not just IE; I've confirmed the exploit on Netscape 7.1.
11 posted on 10/29/2003 5:34:41 PM PST by JohnathanRGalt
(---- Fight Islamist CyberTerror at: http://haganah.org.il/haganah/index.php ----)
To: JohnathanRGalt
True, and I zap that one too. Unopened.
There is no relief in sight because the spammers are the warhead and the SpamGuard is the armor.
12 posted on 10/29/2003 5:40:21 PM PST by Ronin
(Qui docet discit!)
To: JohnathanRGalt
This sounds really stupid to me. I don't know any specific details about the exploit, but I used to write data entry programs under COBOL, then Unix C and DOS, then VB. I never allowed any data that could harm the program. I always read and validated any stream of data one character at a time. I had plenty of horsepower to do this with 8088 CPUs. There's no excuse for data crashing a program.
13 posted on 10/29/2003 5:44:09 PM PST by js1138
To: John W; Doug Loss
"Yet another reason to not use Outlook, IE, or Windows. This isn't affecting any Yahoo users on Macs or Linux boxes..."
"This is a Windows-only exploit; it doesn't affect non-Windows systems."
No, Macs, Linux and other Unix boxes can be brought down with stack overflow exploits.
It's a programmer error in the browser code that parses the URL. The code parsing the URL does not check to see if the URL is longer than the buffer allocated for it.
If you'd like to find out if your particular box is susceptible I can forward you one of the evil emails and you can try clicking on the link.
14 posted on 10/29/2003 5:57:36 PM PST by JohnathanRGalt
(---- Fight Islamist CyberTerror at: http://haganah.org.il/haganah/index.php ----)
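The missing length check described in the post above, shown next to a checked copy, as an added example that is not part of the original thread. The function names and the 64-byte buffer size are assumptions for illustration, not code from any browser.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF_LEN 64   /* assumed buffer size for this example */

/* The defect the post describes: the copy trusts the input's length.
 * A url of URL_BUF_LEN bytes or more is written past the end of dst.
 * Shown for contrast only; it is never called below. */
void store_url_unchecked(char *dst, const char *url)
{
    strcpy(dst, url);            /* no comparison against the buffer size */
}

/* Checked form: walk the input one character at a time and refuse it
 * as soon as it would not fit together with its terminating NUL.
 * Returns 0 on success, -1 if the URL is rejected (dst is left empty). */
int store_url_checked(char *dst, size_t dst_len, const char *url)
{
    size_t i;

    if (dst == NULL || url == NULL || dst_len == 0)
        return -1;
    for (i = 0; url[i] != '\0'; i++) {
        if (i + 1 >= dst_len) {  /* no room left for this byte plus NUL */
            dst[0] = '\0';
            return -1;
        }
        dst[i] = url[i];
    }
    dst[i] = '\0';
    return 0;
}

int main(void)
{
    char buf[URL_BUF_LEN];
    char long_url[200];          /* constructed overlong input */

    memset(long_url, 'A', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';

    printf("short url: %d\n",
           store_url_checked(buf, sizeof buf, "http://example.com/"));
    printf("long url:  %d\n",
           store_url_checked(buf, sizeof buf, long_url));
    return 0;
}
```

Rejecting the overlong input outright, rather than silently truncating it, keeps the parser from acting on a URL that differs from the one it was given.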
To: js1138
"There's no excuse for data crashing a program."
I agree.
Nor is there any excuse for a program crash to bring down the entire operating system (as Macs used to do, and Windows still does).
15 posted on 10/29/2003 5:59:58 PM PST by JohnathanRGalt
(---- Fight Islamist CyberTerror at: http://haganah.org.il/haganah/index.php ----)
To: Ronin
"There is no relief in sight because the spammers are the warhead and the SpamGuard is the armor."
I have to admit, for most other spam, SpamGuard works. Except for this particular (and dangerous) spam my inbox is usually free of spam.
I'm just saying there is a chink in the armor of SpamGuard. An evil hacker has found SpamGuard's Achilles heel.
After my first painful lesson, I now know enough not to click the URLs.
I just pity the fools (other Yahoo users) who have to go through what I did.
16 posted on 10/29/2003 6:11:25 PM PST by JohnathanRGalt
(---- Fight Islamist CyberTerror at: http://haganah.org.il/haganah/index.php ----)
To: unix; rdb3
sigh.... malicious web code is anything but unusual.
To: JohnathanRGalt
It's been a long time since I saw a program bring down windows. Sometimes a hardware failure requires a restart, but I haven't rebooted windows for software issues since win2000 came along.
18 posted on 10/29/2003 6:17:03 PM PST by js1138
To: js1138
"I haven't rebooted windows for software issues since win2000 came along."
I'm on Windows 2000.
I wonder if the exploit will work on WinXP?
19 posted on 10/29/2003 6:22:28 PM PST by JohnathanRGalt
(---- Fight Islamist CyberTerror at: http://haganah.org.il/haganah/index.php ----)
To: JohnathanRGalt
Oh, I am sure that Yahoo will plug this hole, eventually. But by that time the evil geniuses who figured out this trick will have come out with something else.
It's a never-ending cycle.
20 posted on 10/29/2003 6:52:39 PM PST by Ronin
(Qui docet discit!)