[Bad] Yahoo! fails to implement https

7 views
Skip to first unread message

mic...@michielbdejong.com

unread,
Dec 6, 2012, 5:09:19 AM12/6/12
to to...@googlegroups.com
Yahoo! has repeatedly been urged by consumer rights organizations to adopt HTTPS, but has taken no visible steps to do so.
This means criminals can access your user data, without a warrant, for all Yahoo! accounts. That is pretty bad.
https://www.accessnow.org/blog/2012/11/15/access-civil-society-sign-open-letter-to-yahoo-ceo-urging-implementation-of

Ciao,
Michiel

Robin Monks

unread,
Dec 6, 2012, 10:25:17 AM12/6/12
to to...@googlegroups.com, mic...@michielbdejong.com
It doesn't mean all accounts are vulnerable at once; just that you are incredibly open to man-in-the-middle attacks, correct?

Robin Monks

unread,
Dec 6, 2012, 1:50:12 PM12/6/12
to to...@googlegroups.com, mic...@michielbdejong.com
Also a few screenshots:
1) SSL setting in Yahoo Mail options:
2) Login form is https:
3) Registration form is https:

It would seem all sensitive areas so use SSL, at least here in Canada. Can someone verify this for Yahoo in the US?

/Robin

Robin Monks

unread,
Dec 6, 2012, 1:52:57 PM12/6/12
to to...@googlegroups.com, mic...@michielbdejong.com
As another note (sorry to keep bumping this). It would be good to be able to alert to people where to turn on SSL for their account.

* HTTPS is not enabled by default. Click here to enable in your account settings.

Just an idea.

/Robin

Ian McGowan

unread,
Jun 12, 2013, 1:58:55 PM6/12/13
to to...@googlegroups.com, mic...@michielbdejong.com
I recall discussing/reading about the "irrelevant" points on tosdr and believe this "https" falls under that category. Whether or not a site employs https isn't really related to the terms.
Reply all
Reply to author
Forward
0 new messages