Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Operating Systems

The Economist Suggests Linux For Netbooks 445

Posted by timothy from the and-they're-clever-guys dept.
Trepidity writes "In its roundup of how to choose a netbook, The Economist suggests that users 'avoid the temptation' to go for a Windows-based netbook, and in particular to treat them as mini laptops on which you'll install a range of apps. In their view, by the time you add the specs needed to run Windows and Windows apps effectively, you might as well have just bought a smallish laptop. Instead, they suggest the sweet spot is ultra-lite, Linux-based netbooks, with a focus on pre-installed software that caters to common tasks. They particularly like OpenOffice, which they rate as easier to use than MS Word and having 'no compatibility problems,' as well as various photo-management software." Besides which, does Windows offer spinning cubes for coffee-shop demos?
Security

Zimbra Desktop Vulnerable to Man-in-the-Middle Attack 49

Posted by timothy from the imperfect-world dept.
tiffanydanica writes "For all the flack Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues), doesn't bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems, it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spaming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface."
Security

Submission + - Yahoo! exposes auth info via man-in-the-middle

Submitted by tiffanydanica
tiffanydanica writes: For all the flack Mozilla gets about its new security warnings for https sites, at least it warns the user when a miss-match occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues), doesn't bother validating the SSL certificate on the other side before sending along the username and password making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems & it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spaming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface.
Yahoo!

Submission + - Security flaw in Yahoo mail exposes auth info

Submitted by tdalek
tdalek writes: After patching its plaintext authentication gaffe, Yahoo! Zimbra Desktop has fumbled the security and privacy ball once again. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed.
Security

Submission + - Yahoo! Zimbra Desktop vulnerable to MiTM

Submitted by
holdenkarau
holdenkarau writes: "After patching the its plaintext authentication gaffe, Yahoo! Zimbra desktop has hit another stumbling block in the security road. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed."
Books

Amazon Kindle Endorsed By Oprah 197

Posted by kdawson from the you-could-pay-to-read-slashdot dept.
Oprah Winfrey enthused about the Amazon Kindle on her show today — it's her "new favorite thing" — and had Jeff Bezos on to announce a $50-off offer good till Nov. 1. A plug on Oprah is ordinarily a sign that a product has crossed over into the mainstream. But her show's audience has been slipping lately, and it's unclear how many cash-strapped citizens will be willing to part with $309 (after the special offer) for a new techno-gadget, for which they then have to shell out more money for DRM-encrusted content.
Privacy

Submission + - E-mails of Yahoo! iPhone users exposed

Submitted by Anonymous Coward
An anonymous reader writes: Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! Unlike the other default providers (gmail, etc.) Yahoo! doesn't use encryption for either downloading or sending messages. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request slightly obscured inside a bundle of XML, but security through obscurity isn't very effective. While the GSM protocol is cracked, this is probably of more concern to users who use the iPhone's built in Wi-Fi.
Technology (Apple)

Submission + - Tapping the iPhone, brought to you by Yahoo!

Submitted by tdalek
tdalek writes: You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that more that other Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being, and using that account instead.
Security

Submission + - iPhone exposes emails in plaintext for Yahoo users 1

Submitted by
holdenkarau
holdenkarau writes: "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing usernames & passwords. It turns out that more than just Yahoo! Zimbra Desktop is affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames & passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), you might want to look at forwarding it somewhere else for the time being, and using that account instead."
Yahoo!

Submission + - iPhone & Yahoo! mail expose the text of emails

Submitted by kingofthehobos
kingofthehobos writes: You may remember the recent Slashdot article about Yahoo! Desktop exposing usernames and passwords. It turns out that more than just Yahoo! Zimbra desktop is affected, although to a lesser degree. In the original security whole, Yahoo!'s desktop program transmitted the usernames & passwords in plaintext. On the iPhone, authentication is encrypted, however all the messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request, but security through obscurity isn't very effective. Looking at the screen capture there also appears to be a "imie" field, which seems like it could be useful for phone cloners (if people still do those sorts of shenanigans). If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), you might want to look at forwarding it somewhere else for the time being, and using that account instead.
Encryption

Submission + - Yahoo! exposes usernames & passwords

Submitted by
tiffanydanica
tiffanydanica writes: "In a move hearkening back to the days of telnet, Yahoo!'s newest addition (Yahoo! Desktop) to there mail system exposes the full usernames & passwords over the wire (or wireless) in plaintext. But thats not all, doing some digging leads to the likely conclusion that all Yahoo! IMAP based client programs (including the Yahoo! iPhone) application are sending passwords in plaintext. CNET news, the Inquirer & Wired's Webmonkey are all reporting on the story (although in true Wired fashion the individual is called a "hacker"). So, if you know anyone who might have installed Yahoo! Zimbra Desktop, or used Yahoo!'s iPhone application passing the news on and getting them to switch back to the web interface and change their password (until the issues are fixed) would be ++good."
Privacy

Submission + - Yahoo! exposes user passwords (uwaterloo.ca) 3

Submitted by kingofthehobos
kingofthehobos writes: In a move hearkening back to the days of telnet, Yahoo!'s newest addition to there mail system exposes the full usernames & passwords over the wire (or wireless) in plaintext. Both CNET news & Wired's Webmonkey are reporting on the story (although in true Wired fashion the individual is called a "hacker"). So, if you know anyone who might have installed Yahoo! Zimbra Desktop getting them to switch back to the web interface and change there password (until the issues are fixed) would be ++good.
Security

Submission + - How secure is our software?

Submitted by alphabetasigmagamma
alphabetasigmagamma writes: Is it reasonable to expect that sensitive information should be encrypted before sent across the internet? Recent news, such as the security breach discovered in Yahoo desktop's mail software, as reported by CNET and Wired's Webmonkey has made many people wonder how safe their personal information is, when being sent through third party applications. In the case of Yahoo, personal information, such as passwords were sent in clear text across the wire, exposing users to possible security breaches. Can we trust our sensitive information in a software ecosystem that encompasses hundreds of pieces of software that interact with the internet everyday?
Security

Submission + - Security flaw in Yahoo mail exposes plaintext auth

Submitted by
holdenkarau
holdenkarau writes: "Yahoo!'s acquisition of opensource mail client Zimbra has apparently brought some baggage to the mail team. The new Yahoo! desktop program transmits the authentication information in plain text. Ironically enough, the flaw was discovered during a Yahoo "hacku" day at the University of Waterloo (the only Canadian school part of the trip). Compared to the recent hoopla about gmail exposing the names associated with accounts, this seems down right scary. So if you have friends or relatives who might have installed Yahoo! desktop and value their e-mail accounts, now would be a good time to get them to change the password and switch back to the oh so retro web interface."

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close