Hack Hack Hack Hack It Apart
Security expert Brian Krebs dropped a bomb on Yahoo email users last week, though his warning was probably lost in the roar of stories about Black Friday fistfights. According to Mr. Krebs, an Egyptian hacker using the screen name TheHell is selling a Yahoo Mail exploit that could allow an attacker to take over and control a victim’s email and browser activity. TheHell is only charging $700 for the information.
TheHell uploaded a video demonstration to prove he was serious. Mr. Krebs reproduced the video, which you can watch below.
There’s a second part to the story of a hacker who built a malicious worm at a Yahoo-sponsored hackathon in Bucharest that exploits a vulnerability in a Yahoo developer service. The hacker, who goes by Pax, was offended when the hackathon organizers cut short his time on stage due and failed to give him due respect for a clever (though malicious) hack, or thank him and his team partner for exposing a security hole. “They were/are complete assholes,” he said on Twitter after someone commented that the officials’ reaction had turned a white hat effort into a grudge.