A cross-site scripting (XSS) flaw on Yahoo! Mail creates a means to steal cookies and hijack accounts, according to a hacker who is offering to sell an alleged zero-day vulnerability exploit for $700. The cybercrook, who uses the online nickname TheHell, knocked up a video to market the exploit which he is attempting to sell …
Well, seems like there's one way...
Maybe I'm being silly, but I think if they searched their database for an account emails similar to his they'd probably find it. Not sure if that would violate some privacy laws though.
I wonder if the video showed enough of the URL to nail him
I'm sure they have logs with those GUID-type ids saved.
XSS Is a Hassle
Given the large number of potential instantiations of XSS, it can be tricky to discover all potential attacks. Finding them in AJAX heavy web applications can be even more difficult.
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs
- Spanish village called 'Kill the Jews' mulls rebranding exercise
- NASA finds first Earth-sized planet in a habitable zone around star