Jump to content



Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!

Toggle shoutbox Shoutbox Open the Shoutbox in a popup

@  yordan : (25 May 2013 - 07:59 PM) Yay, Shoutbox Is Back! Yahooo!
@  agyat : (24 May 2013 - 05:15 PM) O Dear, Where Are You? Without Your Words This Sb Is ..
@  agyat : (23 May 2013 - 01:23 AM) Wow! Mr. Sb Back Home.
@  OpaQue : (23 May 2013 - 12:44 AM) Ting
@  OpaQue : (24 April 2013 - 02:44 PM) I guess, Time to run Mycent script.
@  OpaQue : (24 April 2013 - 02:43 PM) wow.. not much spam. except habatt posting lot of links.. :P
@  yordan : (23 April 2013 - 01:04 PM) You're welcome, agyat. Nice to have been helpful. Second lesson: try full words, "you" instead of "EW".
@  agyat : (23 April 2013 - 05:03 AM) @YORDAN: tHANK EW FOR YOUR FIRST LESSON.   :D
@  yordan : (22 April 2013 - 09:43 PM) @agyat : "why don't you help me", or "please help me", or "please teach us"
@  yordan : (22 April 2013 - 09:42 PM) welcome back, velma
@  velma : (22 April 2013 - 07:51 AM) **yawns** Good to be back, wonder what is going on here :)
@  agyat : (22 April 2013 - 03:50 AM) Oh! so, why don't help me learn english..
@  yordan : (21 April 2013 - 08:38 PM) The goal mentioned by shiu : "learning english, learning computer"
@  agyat : (21 April 2013 - 06:31 PM) WHAT GOAL?
@  yordan : (20 April 2013 - 10:39 AM) yes, that's our goal. simultaneouly learning English and teaching/learning computer using.
@  shiyu : (20 April 2013 - 07:30 AM) learning english,learning computer
@  yordan : (19 April 2013 - 01:11 PM) Oh, I see, it's just a trick in order to force people looking at your texte. Somehow smart, maybe.
@  agyat : (19 April 2013 - 02:54 AM) And of course I know it is not SEO friendly.
@  agyat : (19 April 2013 - 02:52 AM) There may be two possible answers for that ....


1) Shout was posted using mobile keypad.

2) To force people read content carefully and/or with more concentration.
@  agyat : (19 April 2013 - 02:49 AM) There may be two possible answers for that ....

Replying to Yahoo's Zimbra Service Sent Passwords In Cleartext


Post Options

    • Can't make it out? Click here to generate a new image

  or Cancel


Topic Summary

tansqrx

Posted 30 September 2008 - 09:45 PM

During the University Yahoo! Hack Days (http://developer.yahoo.com/hacku/) a developer discovered or announced a vulnerability in Zimbra (http://www.zimbra.com/) that sent the password as cleartext over the network (http://news.cnet.com...0053870-83.html). The vulnerability has already been fixed (http://news.cnet.com...ag=2547-1_3-0-5) but it is recommended that if you used Zimbra, you should change your Yahoo! password.

From my standpoint this was surely a big goof for Yahoo! but I don’t think it will yield any substantial results. Before this article I had never heard of Zimbra and the attack is only possible if you can tap into the network between the user and Yahoo! (man in the middle attack). Unless you have a highly targeted attack is it doubtful that this will yield any Yahoo! credentials.

The thread at http://www.astahost....thm-t19331.html may also tie into this.

Review the complete topic (launches new window)

  1. Open Discussion & Free Web Hosting
  2. Computers & Tech
  3. Search Engines
  4. Yahoo!
  5. Yahoo's Zimbra Service Sent Passwords In Cleartext
  6. Rules