Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

Yahoo Mail Security Flaw Exposes Passwords

By Scott Gilbertson September 29, 2008 Categories: Software & Tools

ZimbraA hacker working on a way to access Yahoo Mail via IMAP, recently discovered that Yahoo’s desktop e-mail client is sending your password as plain text. That’s bad news for those of you using the desktop client over public wifi connections, where just about anyone with the know-how can see your unencrypted traffic.

Zimbra, creators of what is now the Yahoo Mail desktop client, responded to the news by assuring users that a fix is already in the code and just needs to be pushed out. The problem however seems to be primarily on Yahoo’s end, since the IMAP servers appear to refuse secure connections.

A Zimbra employee writes on the company’s forum site:

This issue has been addressed from Yahoo mail server side and the patches have just been rolled out to all servers. We added related support in desktop client code and it’s in the next release. Once we roll out the next release, server will phase out the old way of authentication. The new way of authentication will not send password over clear channels.

In the mean time we would suggest sticking with the web-based e-mail client when you’re working on public or otherwise insecure internet connections.

See Also:

Tags: e-mail, security
Post Comment Comments Permalink Print
Reddit Digg
 
Subscribe now

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year