The sale of security vulnerabilities has grown considerably over the last two to three years. This new commodity market brings together sellers, who range from individual hackers to specialized companies, and buyers, whose spectrum runs from national security agencies and corporations to cybercriminal networks.
Some vulnerabilities remain unknown to most of us, because they are bought for a fortune to develop some form of targeted attack. Others can affect us directly, since they target ordinary services. In this case the service is Yahoo Mail, widely used around the world thanks to the omnipresent Yahoo Messenger messaging solution, in which an Egyptian hacker claims to have discovered a security vulnerability that allows data theft.
According to the sale ad, the flaw is a cross-site scripting (XSS) vulnerability in Yahoo Mail that allows cookies to be intercepted and replaced and/or the user to be redirected to other websites where they can be deceived. Worse, the vulnerability allows a persistent attack: the data manipulated by the attacker is saved on the server, so it may affect more users than a standard attack. The exploit is said to work in all modern browsers and to be undetectable by their XSS filters precisely because it is persistent, and it is offered for $700 to any interested attacker.
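The following added example is not from the ad, from Yahoo, or from any browser. It is a simplified JavaScript model of why a filter that matches request against response misses server-stored markup, and of the two server-side controls that address the effects described above: output encoding and `HttpOnly` session cookies. The function names, URLs, cookie values and the inert marker string are all constructed for illustration.

```javascript
// Added illustration: a simplified model, not Yahoo's code or any browser's real filter.

// Reflected-XSS filter model: flag a response only when script markup in the
// page also appears (URL-decoded) in the request that produced it.
function reflectedFilterFlags(requestUrl, responseHtml) {
  const scripts = responseHtml.match(/<script\b[^>]*>[\s\S]*?<\/script>/gi) || [];
  const decoded = decodeURIComponent(requestUrl);
  return scripts.some((s) => decoded.includes(s));
}

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical mail view: renders a stored message body, raw or encoded.
function renderMessage(body, encode) {
  return '<div class="msg">' + (encode ? escapeHtml(body) : body) + '</div>';
}

// True when a Set-Cookie header leaves the cookie readable by page script.
function cookieReadableByScript(setCookieHeader) {
  return !setCookieHeader.split(';').some((a) => a.trim().toLowerCase() === 'httponly');
}

// Constructed sample data: an inert marker stands in for injected markup.
const MARKER = '<script>/* constructed marker */</script>';

function demo() {
  const reflectedUrl = '/search?q=' + encodeURIComponent(MARKER);
  const storedUrl = '/mail/message?id=42'; // request carries no markup at all
  return {
    reflectedCaught: reflectedFilterFlags(reflectedUrl, renderMessage(MARKER, false)),
    storedCaught: reflectedFilterFlags(storedUrl, renderMessage(MARKER, false)),
    encodedHasScript: /<script\b/i.test(renderMessage(MARKER, true)),
    weakCookieExposed: cookieReadableByScript('SID=abc123; Path=/'),
    hardenedCookieExposed: cookieReadableByScript('SID=abc123; Path=/; Secure; HttpOnly'),
  };
}

console.log(demo());
```

The stored case is not flagged because the request contains nothing to match, which is why the fix has to be made where the server renders stored content.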
According to statements made by Yahoo officials, the Yahoo Mail vulnerability can be fixed in a few hours, but first they must know where the hole is. The Egyptian hacker knows this well, and has announced that only “serious” customers will be accepted, so that the discovery is not compromised in a short time.