Hotmail, Yahoo vulnerable to security flaw
An Israeli security company is warning users of Yahoo Inc.'s Web e-mail service and Microsoft Corp.'s Hotmail service of a serious security flaw that could allow remote attackers to run malicious computer scripts on computers using Microsoft's Internet Explorer Web browser to check Web e-mail accounts.
The vulnerability was discovered in an Internet Explorer (IE) feature used to process extensions to HTML (Hypertext Markup Language) called HTML + TIME. The security hole could allow attackers to steal login and password information, or browse the contents of an e-mail account, according to an advisory released by GreyMagic Software.
The company tested the vulnerability against Yahoo and Hotmail, but it could affect other e-mail services, GreyMagic said.
By Paul Roberts at InfoWorld.
[ Read more ]