Tapping the IPhone, Courtesy of Yahoo!

Tapping the IPhone, Courtesy of Yahoo! 27

Posted by timothy on Thursday October 09, 2008 @04:16PM from the when-tumblers-align dept.

tdalek writes "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that more Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being."

Tapping the IPhone, Courtesy of Yahoo!

Search 27 Comments Log In/Create an Account

Comments Filter:

Re:so what? (Score:4, Interesting)

by repvik ( 96666 ) writes: on Thursday October 09, 2008 @05:05PM (#25320519)

E-mail being insecure isn't news. Defaulting to plaintext auth almost is.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Tapping the IPhone, Courtesy of Yahoo! 27

Tapping the IPhone, Courtesy of Yahoo! More Login

Tapping the IPhone, Courtesy of Yahoo!

Re:so what? (Score:4, Interesting)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot