It's possible without any phishing or virus attack or Trojan tool
It's possible without any phishing or virus attack or Trojan toolA Delhi-based professor with a private college recently complained that all his contacts on Yahoo mail are getting vulgar messages but he was sure that his account did not fall prey to any phishing/virus attack. Even cyber crime experts could not detect a virus/trojan strike.
Representative pic
But netizens would be amazed to find out that if you have an email with Yahoo, a hacker does not need the conventional weapons to get inside, thanks to an intrinsic weak link in the popular browser.
Ahmedabad-based cyber crime expert Sunny Vaghela claims to have found the vulnerable entry point at Yahoo that enables a person to get control over your account without even hacking into it. For getting into a Yahoo account, all that a cyber crook needs to do is to grab the cookie data available on the browser, which will in turn give access to all the sites and information on the user's computer.
Vaghela explained the process by getting access of the seven-year-old Yahoo email account of this reporter (email was hacked after the approval of the original user) in a few seconds.
"I sent an HTML scrip, which is not a trojan nor a virus but just a common link. As soon as it is clicked or opened it grabs the information on the browser and sends it to me. I have tried the same on other service providers but it could not be done, revealing that the loophole lies with the coding of Yahoo mail. Every website that is opened by an Internet user generates cookies containing its data. These cookies are present till the website is in use. The cookies are only deleted when the user closes the website and clears the cache," Vaghela explained.
"It not only gives access to your Yahoo email but all the information available on the browser. All the sites, gateways that require Yahoo ID could be accessed after that. Therefore, if you access job sites, social networking or have Yahoo mail id as alternate id to some other email account, the hacker can gain easy access," warns Vaghela.
An advisory note has been sent to the Yahoo team but they are yet to respond. Yahoo authorities also failed to reply to a query sent by MiD DAY.
Vaghela also warned that it was quite possible that a lot of international hackers were aware of such loopholes and are using it to steal data. "I have noticed an underground Pakistani hacker forum where hackers have posted the screenshot of a hacked Yahoo account and it could not be ignored that they are aware of this lapse."
This glitch can also be used for criminal activities, as hacking in this way leaves no trail to the hacker. Even the IP address of the hacker cannot be ascertained because the hacked system will only show the IP address of the victim.
Kanton ka chamanItem girl Meghna Naidu's email id was hacked and the hacker used her account to write obscene mails about her in June.
"I came to know that my gmail account has been hacked. The person was chatting with my friends and writing all obscene things about me. While talking with my friends, the impostor wrote that I am pregnant and wanted to abort the child," Meghna said.
It was Meghna's ex-publicist Dale Bhagwagar, who realised that something was fishy.
"She immediately called me up to confirm whether I was actually on the chat or not. It was then that she told me the whole story. I was shocked to hear this. It is not a small thing as it gives a bad impression of me. It is very stressful and hurting," Meghna added.
The actress, who came into the limelight with the song 'Kaliyon ka chaman', has filed a police complaint in Mumbai in this regard.
