Forgot your password?
typodupeerror
Security

+ - Yahoo! exposes auth info via man-in-the-middle

Submitted by tiffanydanica
tiffanydanica (1347719) writes "For all the flack Mozilla gets about its new security warnings for https sites, at least it warns the user when a miss-match occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues), doesn't bother validating the SSL certificate on the other side before sending along the username and password making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems & it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spaming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Yahoo! exposes auth info via man-in-the-middle

Comments Filter:

Stupidity, like virtue, is its own reward.

Working...