Yahoo Redirection Hole Exploited by Phishers

Every day I get quite a few spam e-mails. Normally I just delete them but today I'm in an investingating mood :)

So, I got this message titled "eBay Member" from "aw-confirm@eBay.com". First of all, I took a look at the header to find out it had been sent through a german gateway. Why would the famous online auction site stationed in the U.S. use such a server? It wouldn't!

And of course there was a link (hidden under HTML) pointing to

http://rds.yahoo.com/_ylt=Ah0geusyaM2xEzqMAjS9XNyoA/SIG=11do5qdq6/EXP=1148028186/**http%3a//3281702322/https://signin.ebay.com/showgifUsingSSL862984con462msgMNSIEhufem37ajhd84Sllencrypt370/ws/eBayISAPI.dllSignIn.php??https://ebay.com

If you visit that pretty long and suspicious link you get a web site just like the eBay.com login page only the SSL icon is missing. And this is because only the original site is in possession of the certificate.

Anyway. Last month I talked about a google redirection hole but then again almost all search engines suffer from similar exploits. Yahoo is one of them. The question is what can we do to fill these holes while preserving the freedom of information and user-friendliness of the service.

Finally, one thing that keeps us somehow safe from phishers is that everybody speaks greek and all these e-mails are in english so in the majority of cases you have no business with a foreign service and disregard it. I could only imagine what would happen if they were written in our native language.