Hacker's ad for a Yahoo email-stealing exploit, up for sale at $700

Brian Krebs has located and published a sales pitch from a hacker who has found a zero-day exploit allowing him to steal cookies from Yahoo webmail users, granting access to their accounts.

“I’m selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers,” wrote the vendor of this exploit, using the hacker handle ‘TheHell.’ “And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don’t want it to be patched soon!”

Yahoo Email-Stealing Exploit Fetches $700

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: Business • security • videos • yahoo • youtube

More at Boing Boing

Ants and Stars: Bruce Sterling and Jasmina Tesanovic visit the Sardinia Radio Telescope in Italy

The Snowden Principle

http://www.peterbagge.com/ Buddy Bradley

I’m guessing this only works if the victim is dumb enough to click on a link in a spammy-looking email, right?
- Glippiglop
  
  Yes. This is the sort of trick that you would use in a phishing expedition, whereby the attacker might only expect 1% of the 1,000,000 people he emailed to click on the link. A career criminal could easily turn a profit from the initial investment.
  
  It’s a good trick to employ as the attacker does not need to forge the login page of the affected site; in fact the browser will likely log the user straight into the account if a cookie is active from a previous session. This can be observed in the video.
- invictus
  
  You’re guessing incorrectly. Stored xss can execute on load, with no input from the user. It all depends on where in served page the script is being injected.
  See http://en.wikipedia.org/wiki/Cross-site_scripting#Persistent for a brief explanation.
danimagoo

“Will sell only to trusted people” … irony much?
- bklynchris
  
  …”cause I don’t want it to get patched soon!” add dickweed to irony, and what a bizarrely written sentence.
http://www.facebook.com/jrrennie Jake Rennie

$700 for one exploit? I’m in the wrong line of work.
Charlie B

I’m glad this stuff is out in the open. If our corporate-owned governments had their way, we’d never know about these vulnerabilities.
Tankut Erinc

it will be patched up as soon as yahoo puts together $700.
oh wait!
plyx

Fuck this guy. Fuck all “hackers”. Real h4x0rz don’t steal from common folk.
- Boundegar
  
  Is that what they told you in Wired?
- http://tryingsense.blogspot.com/ R_Young
  
  Perhaps you meant “shouldn’t”.
  
  The following question is then “According to who?”
  or whom. Whatever.
http://www.figuiere.net/hub/ Hubert Figuière

Remember, Yahoo! Mail is still not offered over https. Which mean that it is already vulnerable to basic traffic sniffing.