
Submission: Microsoft attempts to censure bing vulnerability

An anonymous reader writes: Microsoft's bing search engine has a vulnerability with its cash-back promotion, which impacts both merchants and customers. In traditional Microsoft style, Microsoft responded to the author of the breaking bing cashback with a cease & desist letter, rather than fixing the security problems. It is possible for a malicious user to create fake bing cash-back requests, resulting in not only fake cash-back costs for the merchant, but also blocking legitimate customers from receiving their cash-back from bing. The original post is currently available in bing's cache (although perhaps not for long). But no worries, the author makes it clear that the exploit should be painfully obvious to anyone that reads the bing cashback sdk.

Submission: Security flaw in Yahoo mail exposes plaintext auth

holdenkarau writes: "Yahoo!'s acquisition of open source mail client Zimbra has apparently brought some baggage to the mail team. The new Yahoo! desktop program transmits the authentication information in plain text. Ironically enough, the flaw was discovered during a Yahoo "hacku" day at the University of Waterloo (the only Canadian school part of the trip). Compared to the recent hoopla about gmail exposing the names associated with accounts, this seems downright scary. So if you have friends or relatives who might have installed Yahoo! desktop and value their e-mail accounts, now would be a good time to get them to change the password and switch back to the oh so retro web interface."
