Friday, 25 May 2012 15:54

Yahoo Leaks Private Key!

Yahoo released its Axis extension for Chrome and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo software.  The result is that a miscreant could forge malicious software to run amok on unsuspecting victim computers and it would appear to be coming from Yahoo.

An Australian researcher exposed the certificate mistake, and said users should not install the extension "until the issue is clarified." He examined the extension’s source code and found the private certificate, which Yahoo uses to sign the application to prove it is genuine and unaltered.

Published in News
Network neutrality is the principle that Internet users should be in control of what content they view and what applications they use on the Internet. The Internet has operated according to this neutrality principle since its earliest days. It is this neutrality that has allowed the internet to innovate and grow. Without equal access the internet dies.