Whether any of us, people who read Full-Disclosure, and may even be security researchers, would fall for a Yahoo phish, or need to log into Yahoo, is irrelevant. The fact is that Yahoo Mail is vulnerable to XSS, and less savvy users could be exploited.
Yahoo, along with all websites that accept user input, should filter their input... it's the right thing to do, since it increases security and prevents users from being exploited with XSS. Depending on the user to not allow himself to be exploited is how bad security habits are born. If you are like me and are constantly deleting cookies (using the Mozilla extension "clear data", because I test a lot and this requires me to delete cookies a lot) you'd have to log in every time you use any site. Yahoo is vulnerable to XSS attacks, so they should fix their site, period.

On 4/18/06, Morning Wood <[EMAIL PROTECTED]> wrote:
> > Yahoo! Mail once in a while will ask you
> > to re login again so it's not so abnormal.
>
> I use Yahoo Mail, I have never once had to re-login in 4 years.
>
> dunno...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
