Yahoo 360 users are easily tricked into deleting blogs
A bug in today's most popular online diary system in Vietnam could be used by bad guys to prank others by getting them to click on a link that carries a command to delete the contents of the victim's blog. People who fall into the trap will delete, with their own hands, their heartfelt entries or the comments shared by friends.
Discovering this flaw, Nguyen Ngoc Long, Network Administrator at a large IT enterprise in the country, described it as a Cross-Site Request Forgery (CSRF) error, a method of borrowing someone else's hand, and their permissions, to perform an action.
Instead of establishing a transparent mechanism for deleting and editing content that would prevent mistaken deletion, the Yahoo 360 service provider did not build a separate admin page; everything is handled through cookies and sessions to make things easier for users. So if someone wants to play a nasty trick and delete an entry or comment on someone else's blog, they prepare a link with the parameter for deleting a piece of content, in the format used by that blog, and then find a way to lure the victim into clicking it. If the victim is already logged in to his or her blog at that moment (which means the cookie and session are already stored on the machine), the trap will delete the content specified in the link.
Bad guys can cause victims to delete information on their blogs with their own hands. Photo: VNE.
BKIS Network Security Center recognizes that bad guys can exploit this bug to attack users' blogs. However, this kind of "throwing stones from hiding" can only attack blogs one at a time and cannot "devastate" on a large scale, because "targeting" a blog requires preparing a malicious link specific to that site.
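The flaw described above, as an added example that is not from the original article and is not Yahoo's code: a delete handler that trusts the session cookie alone, next to one that also requires a POST and a per-session token. All names (`delete_unsafe`, `delete_hardened`, the `sid` cookie, the `entry` and `csrf` parameters) and the sample data are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample state: one logged-in session (cookie value -> user).
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-abc": "alice"}


def new_blog():
    """Constructed sample blog with two entries."""
    return {"alice": {1: "first entry", 2: "second entry"}}


def csrf_token(session_id):
    """Token the site embeds in its own delete form, bound to the session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def delete_unsafe(blog, method, cookies, params):
    """Behaviour the article describes: the cookie alone authorises the
    delete, so any link a logged-in user follows is honoured."""
    user = SESSIONS.get(cookies.get("sid"))
    if user is None:
        return 401
    blog[user].pop(int(params["entry"]), None)
    return 200


def delete_hardened(blog, method, cookies, params):
    """Same action, but a state change needs POST plus a per-session token
    that a page on another site cannot read or guess."""
    sid = cookies.get("sid")
    user = SESSIONS.get(sid)
    if user is None:
        return 401
    if method != "POST":
        return 405  # following a link is a GET and never deletes
    supplied = params.get("csrf", "").encode()
    if not hmac.compare_digest(supplied, csrf_token(sid).encode()):
        return 403  # cookie was sent automatically, token was not
    blog[user].pop(int(params["entry"]), None)
    return 200
```

The browser attaches the `sid` cookie to every request to the site, which is why the first handler cannot tell a deliberate delete from a followed link; the token in the second handler is the part of the request the browser does not supply on its own.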
Nguyen Ngoc Long said he sent a warning about this vulnerability to the Yahoo 360 admin team, but has not heard any reply yet. "In my opinion, Yahoo 360 users should temporarily not log in to their 'virtual home' or someone else's before the error is fixed by the vendor," Long said.
Mr. Vu Ngoc Son, BKIS expert, also recommends: "While waiting for Yahoo 360 to tighten safety for personal blogs, users should be more careful with strange links, and should also back up their important articles."
Nguyen Hang