American hacker had gained access to Yahoo’s editorial system using only a normal browser! provide news
No more than a browser and an email address were allegedly needed to access Yahoo! rewrite news stories at will. As SecurityFocus reports, Adrian Lamo, a hacker, had been able to falsify an already old Reuters report on Tuesday without any problems. Especially in times like the present, when news plays a major role, such interventions could have unpleasant consequences.
Other areas of Yahoo were much better protected than access to news, criticized the 20-year-old hacker. "It is more difficult to access their statistics on advertising than their means of news production." Lamo was apparently able to access one of the three proxies that connect Yahoo’s internal network to the Internet by modifying the browser, thus posing without a password as an employee with access to produce and edit news stories.
Yahoo did not provide further details about the security breach, but closed it as soon as they learned about the hack from SecurityFocus. Yahoo takes security very seriously, said Kourosh Karimkhany of Yahoo News! News, and has taken the necessary steps to prevent unauthorized access.
Lamo had rewritten a message dated August 23 to demonstrate the questionable security hole. August, which is no longer read by many people. The news was about a delay in the trial of Russian programmer Dmitry Sklyarov, who created a program to bypass copy protection for Adobe eBooks and was arrested in the U.S. for violating the Digital Millennium Copyright Act. Lamo, among others, changed the message so that Sklyarov could face a death sentence. He was also able to rewrite more old news, but they are mostly no longer on Yahoo! News to be found. Thus, as he showed SecurityFocus by means of a screen shot, he had given a report of 10. In the August report of the Congressional Select Committee on Intelligence on the NSA, the wrong quote from the report was added: "The restructuring of the NSA is at the top of the list for the Committee. Together with AOL Times Warner, we expect to offer you a service that you will not be able to resist."
The alteration of news, especially on such crude and much visited portals as Yahoo, could well have dire consequences. Especially in times like now, when many people inform themselves via the Internet, the possible consequences of such "Attacks on information" but it was enough to manipulate news about companies or interest rate cuts, for example, to cause damage. Lamo himself affirms that he was shocked at how easily he had been able to gain access to the news: "At the time, I had a larger potential readership than the Washington Post. It could have caused great distress to many people who were interested in the events of that day if false or misleading information had been posted on the net."
In April, Lamo discovered a security breach at [email protected] that allowed access to three million accounts. He had informed the company and was honored by Excite in May. At the end of last year, he found a similar vulnerability in AOL Instant Messenger (AIM).