Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-06-21 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Yahoo! Login Server Problems

Published: 2006-06-21
Last Updated: 2006-06-21 19:26:18 UTC
by Scott Fendley (Version: 4)
0 comment(s)
We have received a number of reports indicating problems with various parts of Yahoo! services (mail, IM, groups). These services all seem to work properly with cached credentials, so we suspect that there is a problem with part of the authentication system.  We have _no_ confirmed information of what is the source of these difficulties, but will continue to monitor and update this diary when more information is available.

Update: One of our readers, Nick, noted a possibility of what is going on. XDisclose released an advisory about Yahoo! vulnerabilities located at http:// www.xdisclose.com/ XD100001.txt . With so little real concrete evidence, I do not know if this is coincidental or not.

<Disclaimer>  We cannot confirm what is the true source of the authentication failures of this morning.  So do not yell at us if the above is truely coincidental or related to maintenance go awry regarding it, or something else entirely different.  In addition, that URL has not been linked in to prevent people from being click happy.  The site does generate some pop-ups for those with javascript enabled.  </disclaimer>

Update 2:  Whatever the problem was appears to have been cleared up and authentication is working again.

ISC Handlers
Keywords:
0 comment(s)

Opera 9 long href PoC

Published: 2006-06-21
Last Updated: 2006-06-21 18:55:52 UTC
by Jim Clausing (Version: 1)
0 comment(s)
Well, it didn't take long.  Yesterday, Opera 9 came out, today there is a proof of concept for a long href denial of service exploit.  No word on when a patch will be available.
Keywords:
0 comment(s)
Diary Archives