Yahoo Mail has huge hole

Bizarre design flaw

By Nick Farrell

Wed Oct 01 2008, 11:14

YAHOO'S ZIMBRA client has a security hole so big you can fly an entire Borg collective through the middle of it and not worry about the cubes touching the sides.

According to Holden Karau, for some reason the passwords used to access Yahoo mail through the Zimbra client are sent over the Internet in clear text.

Writing in his bog, Karau said that he stumbled upon this problem while participating in the Yahoo Hack Day at the University of Waterloo.

Yahoo imap servers used by the Yahoo Desktop don't support SSL and the password was being transmitted in plain text, he said.

It means that If you use Zimbra to access your Yahoo mail, you almost certainly need to change your password and stop using Zimbra immediately especially if you've ever done so over wireless, Karau warned.

Karau warned Yahoo about the problem during his presentation, but no one seemed to give a toss.

A Zimbra spokesperson said that the problem had already been addressed in code, and a fix is in the next release. Yahoo said it would look into it now the press had got hold of it. µ

Game denies falling victim to hacking attack Logins don’t work Tuesday, 17 January 2012, 11:40 AM Read more	Asus Zenbook UX31E laptop review Macbook killer is let loose Wednesday, 2 November 2011, 16:59 PM Read more
Google issues Gmail security advice following SSL attack Iranian users forced to change passwords Friday, 9 September 2011, 15:04 PM Read more	Lulzsec: A life on the open waves Pirates and proud of it Monday, 6 June 2011, 17:13 PM Read more
Sony is hit with yet another hack attack, thousands of passwords compromised Lulzsec carries out Sownage promise and releases ‘various collections’ of stolen info Friday, 3 June 2011, 11:34 AM Read more	Linkedin SSL vulnerability leaves accounts open to hacking Cookie issues trip up the business networking web site Monday, 23 May 2011, 11:41 AM Read more

Comments

Gmail

Yet another reason to switch to Gmail; if you haven't done so already for some strange reason. 

Yahoo's spam filter is WORTHLESS, I don't see why anyone would still use their email service.

posted by : Duece, 01 October 2008 Complain about this comment

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

SQL Database Analyst - Lea

SQL Database Analyst - Lead...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Yahoo Mail has huge hole

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review