Security Basics mailing list archives
RE: Yahoo Webmail Sessions
From: Rohit <rohits79 () yahoo com>
Date: Wed, 19 May 2004 09:41:08 -0700 (PDT)
Yes, https should help in this case... which I should be using from now on. what I am not sure is if the problem is of squid/yahoo ? Has any one faced this problem anytime behind a natted network configured via squid caching proxy? is this a known issue? Sorry for putting across so many question!! hope this helps. thanks rohit --- Randy Williams <randyw () techsource com> wrote:
Howdy all, I'll volunteer something that may be of value: If you log into the "secure" session offered by Yahoo!, shouldn't that encrypt the password and help protect the session? Please correct me if I'm chasing rabbits... RandyW -----Original Message----- From: Rohit [mailto:rohits79 () yahoo com] Sent: Tuesday, May 18, 2004 1:16 AM To: security-basics () securityfocus com Subject: Yahoo Webmail Sessions Hi All!!!, This is the third time I saw some one else's inbox i.e Yahoo Webmail, being opened right after signing in with my credentials. After typing in the credentials, I get an entirely new session. Further if I try to click open "Check mail" I get an - "invalid mailbox state" error. I am using mozilla firefox browser(on win2k) and am behind squid. Similarly in my last company ditto phenomenon occured ( but only once) using ISA proxy server (ISA plugin). Am I being sniffed etc ... Please can anyone give any pointers how this can happen and how can I avoid my session being hijacked to others similarly. Thanks rohit __________________________________ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
__________________________________ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Yahoo Webmail Sessions Rohit (May 18)
- RE: Yahoo Webmail Sessions Randy Williams (May 19)
- RE: Yahoo Webmail Sessions Rohit (May 20)
- Re: Yahoo Webmail Sessions Paul Kurczaba (May 21)
- RE: Yahoo Webmail Sessions Randy Williams (May 19)