Widespread Compromise Of Yahoo-Backed Email In New Zealand 47
First time accepted submitter Bitsy Boffin writes "Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of Xtra internet service provider indicate that the problem was "resolved", reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords."
It's the XSS flaw still active (Score:5, Interesting)
I got hit by this last week and blogged about it [aardvark.co.nz], griping that surely a company with the resources of Yahoo should be able to fix such a critical flaw faster than seems to be the case.
It would appear that Yahoo is happy to announce "fixexd" while the hackers simply exploit yet another hole in the company's shaky cloud.
Tragic.
Would Google be so lax in sorting out what is clearly a very critical issue that is affecting a large (and rapidly growing) number of users?