Don’t like the news? Change it yourself!

The method Yahoo! uses to authenticate its Internal network users has been changed after SecurityFocus reported on the ability of any external user to gain access to the Yahoo!

The method Yahoo! uses to authenticate its Internal network users has been changed after SecurityFocus reported on the ability of any external user to gain access to the Yahoo! internal network and modify news posted on Yahoo!'s news service, using nothing more than a web browser and a well-known URL.

The hole, first discovered by Adrian Lamo, has since been fixed by Yahoo! techs.

Lamo utilised a technique so simple, that it's almost laughable. Unless of course you are a Yahoo! network technician, in which case you would be a decidedly deep shade of red right now.

Yahoo! use a collection of three proxy's placed between their internal network and the wider Internet. To modify Yahoo! news, all a user needed to do was set their browser to go through one of the three Yahoo! proxy's. Any external user doing this then appeared as Internal to the Yahoo! network, giving them fully trusted access to Yahoo!'s content management system, which includes news posting.

Aliens: Colonial Marines in depth; Z-77 Motherboard round-up; strategy gaming special; Home Server tutorial. PLUS MUCH MORE - ON SALE NOW!

Ads by Google

Atomic Magazine

Issue: 137 | June, 2012

Atomic is a magazine aimed squarely at computer enthusiasts, gamers, and serious PC upgraders.

Every month we bring you the latest reviews of new technology and PC components, in depth features on everything from overclocking to console hacking, and gaming previews and interviews.

What's in this issue?