
Yahoo! exposes auth info via man-in-the-middle

Submitted by tiffanydanica on Friday November 21 2008, @04:22PM
security
tiffanydanica writes "For all the flak Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues) doesn't bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems, it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spamming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface."
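The check the submission says is missing, as an added example that is not part of the submission and is not Zimbra Desktop code: a Python client that audits its TLS context and refuses to send a username and password unless both the certificate chain and the hostname are verified. The function names, the exception and the one-line login format are hypothetical.

```python
import socket
import ssl


class UnauthenticatedPeer(Exception):
    """Raised when a TLS context would not prove who the server is."""


def audit_context(ctx):
    """Return the reasons this context cannot authenticate the server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    return findings


def unverified_context():
    """Encrypts the session but accepts any certificate (the reported behaviour)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Verifies the chain but not the name: a valid certificate for any site passes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def send_login(host, port, user, password, ctx, connect=socket.create_connection):
    """Send credentials only after the handshake has authenticated `host`.

    The one-line login format is a placeholder, not the Zimbra protocol.
    """
    findings = audit_context(ctx)
    if findings:
        raise UnauthenticatedPeer("; ".join(findings))   # nothing has been sent yet
    with connect((host, port), timeout=10) as raw:
        # wrap_socket() raises ssl.SSLCertVerificationError on a bad chain or name,
        # so sendall() is never reached when the peer fails verification.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"LOGIN {user} {password}\r\n".encode())
```

The chain-only case matters for the DNS scenario in the submission: a client that trusts any CA-signed certificate without matching the name is still redirected successfully by whoever controls name resolution.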