Yahoobleed: Another Screw-up From Yahoo!

Yahoo! Mail users may have been victims of yet another theft of data and sensitive information, due to the software used to view images within the mail.

This software is called ImageMagick, and it is supported by PHP, Ruby, Python and dozens of other languages. But sending an email with a modified image made the servers leak confidential information about the recipients. In January 2015, a patch for ImageMagick was released, but Yahoo! engineers did not install it. Another patch was released recently after a security researcher warned the ImageMagick developers of the problem.

Instead of updating ImageMagick, Yahoo! recently chose to disable support for this software completely. Almost certainly it's too little, too late, given the ongoing scandals engulfing what was once the internet company.
