[Boatanchors] Boatanchors hey
Bill Cromwell
wrcromwell at gmail.com
Mon Nov 12 13:30:36 EST 2012
Hi,
My solution to that is to not have an address book on my web based email
accounts. In fact I don't use the any "official" address book anywhere
so there is no address to hijack. Yeah - I have to work a little harder
at getting email out. It's still easy enough that even *I* can do it.
73,
Bill KU8H
Hoping to dodge the bullet
On Mon, 2012-11-12 at 09:57 -0500, Mike McCarthy, W1NR wrote:
Actually, these exploit a vulnerability in many of the public email
accounts like yahoo, gmail and hotmail. Generally, you leave your
account "logged in" as you use your browser. Following the link in the
email exploits the fact that you are already logged in and uses the
login cookies and service API's to execute code that sends email
through
that account, usually to everyone in your address book.
---snip---
>
> Mike, W1NR
More information about the Boatanchors
mailing list