RE: Yahoo Webmail Sessions

[Rohit <rohits79 () yahoo com>]

Yes, https should help in this case... which I should
be using from now on.

what I am not sure is if the problem is of squid/yahoo
? Has any one faced this problem anytime behind a
natted network configured via squid caching proxy? is
this a known issue? Sorry for putting across so many
question!! hope this helps.

thanks
rohit

--- Randy Williams <randyw () techsource com> wrote:
> Howdy all,
>
> I'll volunteer something that may be of value: If
> you log into the "secure"
> session offered by Yahoo!, shouldn't that encrypt
> the password and help
> protect the session?
>
> Please correct me if I'm chasing rabbits...
>
> RandyW
>
> -----Original Message-----
> From: Rohit [mailto:rohits79 () yahoo com] 
> Sent: Tuesday, May 18, 2004 1:16 AM
> To: security-basics () securityfocus com
> Subject: Yahoo Webmail Sessions
>
> Hi All!!!,
>
> This is the third time I saw some one else's inbox 
> i.e Yahoo Webmail, being opened right after signing
> in
> with my credentials.
>  
> After typing in the credentials, I get an entirely
> new
> session. Further if I try to click open "Check mail"
> I
> get an - "invalid mailbox state" error.
>
> I am using mozilla firefox browser(on win2k) and am
> behind squid. Similarly in my last company ditto
> phenomenon occured ( but only once) using ISA proxy
> server (ISA plugin). 
>
> Am I being sniffed etc ...
> Please can anyone give any pointers how this can
> happen and how can I avoid my session being hijacked
> to others similarly.
>
> Thanks
> rohit
>
>
>       
>               
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! - Internet access at a great low price.
> http://promo.yahoo.com/sbc/
---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention
> this ad and get $545 off 
> any course! All of our class sizes are guaranteed to
> be 10 students or less 
> to facilitate one-on-one interaction with one of our
> expert instructors. 
> Attend a course taught by an expert instructor with
> years of in-the-field 
> pen testing experience in our state of the art
> hacking lab. Master the
> skills 
> of an Ethical Hacker to better assess the security
> of your organization. 
> Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>
----------------------------------------------------------------------------
>
---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention
> this ad and get $545 off
> any course! All of our class sizes are guaranteed to
> be 10 students or less
> to facilitate one-on-one interaction with one of our
> expert instructors.
> Attend a course taught by an expert instructor with
> years of in-the-field
> pen testing experience in our state of the art
> hacking lab. Master the skills
> of an Ethical Hacker to better assess the security
> of your organization.
> Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>
----------------------------------------------------------------------------
>



        
                
__________________________________
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.
http://promo.yahoo.com/sbc/

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------