<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] Security Flaw In Yahoo Mail Exposes Plaintext Authentication Info
- To: Ga <ga@xxxxxxxxxxxxxx>
- Subject: [ga] Security Flaw In Yahoo Mail Exposes Plaintext Authentication Info
- From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
- Date: Sat, 27 Sep 2008 01:20:02 -0700
All,
I hope ICANN is on top of this. But somehow I doubt it.
See:
Yahoo!'s acquisition of open source mail client Zimbra has apparently
brought some baggage to the mail team. The new Yahoo! desktop
program
http://blog.holdenkarau.com/2008/09/another-security-devirsion-yahoo-zimbra.html
transmits the authentication information in plain text. The flaw was
discovered during a Yahoo 'hacku' Day at the University of Waterloo
(the only Canadian school part of the trip). Compared to the recent
news about
http://tech.slashdot.org/article.pl?sid=08/07/16/2220232&tid=217
Gmail exposing the names associated with accounts, this seems downright
scary. So, if you have friends or relatives who might have installed
Yahoo! desktop and value their e-mail accounts, now would be a good
time to get them to change the password and switch back to the web
interface.
But this isn't the only problem with Yahoo. Serious security hole
in Yahoo's DNS still remains unfixed. One can only wonder why..
See:
http://member.dnsstuff.com/tools/dnslite.php?r=homepage&domain=yahoo.com
and
http://private.dnsstuff.com/tools/dnsreport.ch?domain=yahoo.com&token=0630551f6896ae9d1864868e141b7019
Regards,
Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|