yahoo fumbles security in axis browser launch
Last Updated : GMT 05:17:37
Emiratesvoice, emirates voice
Emiratesvoice, emirates voice
Last Updated : GMT 05:17:37
Emiratesvoice, emirates voice

Yahoo fumbles security in Axis browser launch

Emiratesvoice, emirates voice

Emiratesvoice, emirates voice Yahoo fumbles security in Axis browser launch

London - Arabstoday

Yahoo made its first foray into the browser business this evening, but did it give us an unfinished product? As my colleague Rafe Needleman explains, Axis is an aggressive product designed to eliminate the middleman in the usual search process and take visitors from query process straight to the desired page. However, this doesn\'t appear to be the only step Yahoo skipped; the struggling Internet pioneer also left out an explanation of its terms of service. A search for those basic rules turn up a placeholder page that informs users that, \"Terms will go here.\" Granted most users don\'t care about the terms of service and even fewer have actually ever read them. But more troubling is a little nugget that Yahoo apparently left in its new browser. Nik Cubrilovic, a self-described blogger and hacker, found that the Yahoo Axis Chrome extension leaks its private certificate file, making it possible to counterfeit extensions: The clearest implication is that with the private certificate file and a fake extension you can create a spoofed package that captures all web traffic, including passwords, session cookies, etc. The easiest way to get this installed onto a victims machine would be to DNS spoof the update URL. The next time the extension attempts to update it will silently install and run the spoofed extension Cubrilovic said he reported the vulnerability to Yahoo but has yet to hear back. \"There is also an element of obviousness in this vulnerability,\" he said in his post. \"Any developer who is familiar with how Chrome extensions are verified who looked at the source of this package would have seen and noticed the certificate file.\" CNET has contacted Yahoo for comment on the matter and will update this post when we learn more information. In a comment attached to Cubrilovic\'s post, a user identifying himself as Ethan Batraski, head of product for the Search Innovation Group at Yahoo, said the company was taking steps to address the vulnerability: We recently learned of this Chrome vulnerability with Yahoo Axis and immediately disabled the Chrome extension. We have blacklisted the key with Google and is taking into affect immediately.We take these type of issues very seriously and are working around the clock to ensure this is resolved.

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

yahoo fumbles security in axis browser launch yahoo fumbles security in axis browser launch

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

yahoo fumbles security in axis browser launch yahoo fumbles security in axis browser launch

 



GMT 10:18 2016 Wednesday ,23 March

cartoon seven

GMT 10:16 2016 Wednesday ,23 March

cartoon five

GMT 09:58 2016 Wednesday ,23 March

cartoon four

GMT 10:18 2016 Wednesday ,23 March

cartoon eight

GMT 10:34 2017 Wednesday ,21 June

Saudi Minister meets Iraqi Minister

GMT 03:35 2012 Tuesday ,26 June

Galaxy S III sales to hit 10 mln in July

GMT 07:30 2017 Sunday ,31 December

Wizards cruise past reeling Rockets

GMT 14:30 2017 Friday ,22 December

Yemeni parties rebuke Houthi repressive actions

GMT 18:41 2017 Tuesday ,05 September

Fear and sweating in Pakistan's hottest cities

GMT 05:04 2024 Tuesday ,06 February

Skincare PR Performance Full Year 2017

GMT 19:21 2017 Monday ,06 March

France slams Houthis for using child soldiers

GMT 06:43 2017 Tuesday ,24 January

Xiaomi’s Barra quits China for Silicon Valley

GMT 11:40 2016 Saturday ,19 November

Ogilvy hits lead to set up Open showdown with Spieth
 
 Emirates Voice Facebook,emirates voice facebook  Emirates Voice Twitter,emirates voice twitter Emirates Voice Rss,emirates voice rss  Emirates Voice Youtube,emirates voice youtube  Emirates Voice Youtube,emirates voice youtube

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2025 ©

Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2025 ©

emiratesvoieen emiratesvoiceen emiratesvoiceen emiratesvoiceen
emiratesvoice emiratesvoice emiratesvoice
emiratesvoice
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
emiratesvoice, Emiratesvoice, Emiratesvoice