Yahoo plugs email hole but web services issue highlighted

The world’s 200 million or so Yahoo email users can breathe a little easier today because the global internet company says it has plugged a potentially dangerous hole in its system that allowed a dangerous JavaScript worm to infect email users’ computers.

The vulnerability enabled the worm, called Yamanner to infect a computer and proliferate via its email address book to other Yahoo Mail users merely by opening the email message.

Yamanner exploits a vulnerability that enables scripts embedded in HTML e-mails to be run by the user’s browser. Yahoo Mail normally blocks JavaScript programs but there was one script it allowed which concerned uploading images in emails to the server. Yamanner substituted its own JavaScript code for the image handling script.

The Yahoo Mail vulnerability and its relation to JavaScript has raised the issue over security related to the provision of web services that use JavaScript.

Yahoo, Google and other companies have already released products to the market based on the current web services technology flavour of the month AJAX (Asynchronous JavaScript And XML). Google Calendar and Google Spreadsheet are the latest examples. More such online web services are in the pipeline. According to a report in Information Week, the proliferation of AJAX in online applications could provide fertile ground for hackers because a JavaScript application is very difficult to protect.

For users interested in downloading the plethora of free online applications now on offer from internet companies, the news that many the applications may not be safe will be discomforting. The Yahoo incident demonstrated that it is possible for hackers to replace a resident JavaScript program with another malicious JavaScript program which in turn can launch a rogue website. If nothing else, this could well put a significant kink in the best laid plans of the providers of web services.

Submit Article :- Blogmarks + Digg + Del.icio.us + Ekstreme Socializer + Feedmarker + Furl + Google Bookmarks + ma.gnolia + Netvouz + RawSugar + Reddit + Scuttle + Shadows + Simpy + Spurl + Technorati + Unalog + Wink

Posted in: General

This entry was posted on Thursday, June 15th, 2006 at 6:31 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.