Security Flaw In Yahoo Mail Exposes Plaintext Authentication Info

holdenkarau writes "Yahoo!'s acquisition of open source mail client Zimbra has apparently brought some baggage to the mail team. The new Yahoo! desktop program transmits the authentication information in plain text. The flaw was discovered during a Yahoo 'hacku' Day at the University of Waterloo (the only Canadian school part of the trip). Compared to the recent news about Gmail exposing the names associated with accounts, this seems downright scary. So, if you have friends or relatives who might have installed Yahoo! desktop and value their e-mail accounts, now would be a good time to get them to change the password and switch back to the web interface."

Re:Overreaction...

[slugstone]

More to the point, if you are using one of these free ad ageny supplied services you surely are not using it for anything important or sensitive anyway.

Are you?

You give the general pubic to much credit or are you joking?

Re:You get what you pay for.

[Mr Z]

This is why I recommend people use paid ISPs for their real E-mail accounts, and perhaps use Yahoo, Google, or Rocketmail for registering on spammy websites where they want an E-mail address so they can make their advertisers happy.

When I signed up for DSL service, it was with SBC Yahoo! DSL, you insensitive clod!