Webmaster rambling and mental notes
Home | Profile | Archives | Friends
Zimbra Desktop Vulnerable to Man-in-the-Middle Attack
11/23/2008

Tiffanydanica writes "For all the flack Mozilla gets about its new hardness warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some lien issues), doesn't bother validating the SSL voucher


your ssl trust matterschoose a warranty



brink's home securityget a $49 touchstone home firmness system install. contact us today!www.brinkshomesecurity.comsponsored linkssecurity companyup to date video gage company to issue your ssl. keep merchantry protectedwww.globalsign.comdiplomaconvert your life taste into a diploma now. free evaluation.www.belforduniversity.orgthawte ssl certificateschoose from a on the other side before sending along the username and password, making it prone to a man-in-the-middle attack. This is doubtlessly a step up from air time the lore in the clear, since the attacker must switch from being passive to active, but with all of the DNS preservation problems, it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! money (be it for phishing or spaming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface."

Read more of this story at Slashdot.


More: - Read the rest here

Mark

Share |
(Posted in Nerd)
Share and enjoy
  • Digg
  • del.icio.us
  • blinkbits
  • BlinkList
  • BlogMemes
  • blogmarks
  • DZone
  • Fark
  • Furl
  • Netvouz
  • NewsVine
  • Reddit
  • Slashdot
  • Smarking
  • Spurl
  • StumbleUpon
  • Taggly
  • Technorati
  • YahooMyWeb
Post Comment

Notify me of followup comments via e-mail.

Entry 1 of 5719
Last Page | Next Page