Re: Yahoo hacked

Aleph One (aleph1@DFW.NET)
Wed, 10 Dec 1997 12:27:38 -0600

There is been a lot of uncertainty regarding the Yahoo hack. A lot of
people belive it was a hoax. Well today there is an article on the San Joe
Mercuriy on the subject. "Hackers leave Yahoo digital ransom note"
(http://spyglass1.sjmercury.com/premium/business/docs/yahoo10.htm with
paid subscription) has little technical detail behind the hack. They do
quoet Diane Hunt, a spokeswoman for the company, stating that the mesage
was up for only 10 to 15 minutes and that they "immidiately took action
to see the extent of the damage and moved to correct it". So it seems it
was real after all.

There is also been a lot of questions on the feasibility of
transmitting a computer virus via web browsing. The writter had the good
luck of talking to Jonathan Wheat at the NCSA that is clueful enough to
state that such attacks are at least possible given the rather large
number of security vulnerabilities found in web browsers but its unlikely
in this case if the quality of the message left on the web page is any
indication of hackers technical abilities. Of curse then he goes on
quoting Jammon Campbell, also at NCSA, that sticks his foot in his month
by saying "that's pretty much ridiculous".

The real question, that will probably remain unanwsered, is what was
the hole? The top choise on the list is DNS chache poissoning to redirect
Yahoo's homepage to some other web server, but that does not mix well with
the statement that Yahoo was able to fix the problem after they realized
what was going on.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01