Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
19Activity
0 of .
Results for:
No results containing your search query
P. 1
A Post-Mortem of Yahoo! Account Security

A Post-Mortem of Yahoo! Account Security

Ratings: (0)|Views: 439 |Likes:
Published by SpyDr ByTe

More info:

Published by: SpyDr ByTe on Mar 12, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

06/08/2013

pdf

text

original

 
 
A Post-mortem of Yahoo!Account Security
ByGammarays
(gammarays64@gmail.com)
 
 
Contents
Part I-
Introduction
Part II-
A quick overview
Part III-
The structure of the authentication cookies and their role
Part IV-
The user database
Part V-
Scope
 Part VI-
Recommendations
Appendix A -
Rant
Appendix B
Greetings
Video -
(proof.avi) Demonstration of logging into any Yahoo! account.
 
 
“Yahoo! Inc. is a leading global Internet communications, commerce and mediacompany that offers a comprehensive branded network of services to more than 274million individuals each month worldwide.
” 
- Yahoo! Media RelationsMy initial goal in penetrating Yahoo!'s security was to take action against a constantinvasion of advertising bots, booters and credit card thieves that plague the chatsystem. Without sufficient measures in place to prevent these people coming back Ihave since realised it would be impossible for any individual to manage the problem.The purpose of this presentation is to demonstrate the following..
1) It is possible for an intruder to gain unauthorized access to a Yahoo! Productionserver ( already well known )2) That access can then be used to reverse engineer the authentication system.3) The same access can also be used to access the user database.4) With the correct components it is possible to login in to any Yahoo! Account and in many cases take control of it.
Introduction

Activity (19)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
Jasper Lee liked this
ali_sev liked this
unknownman4ever liked this
inetd liked this
orcus liked this
akuspm liked this
juhidin liked this
Bangkukosong Ia liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->