Re: [OT]Yahoo mail

To: Debian-User <debian-user@lists.debian.org>
Cc:
Subject: Re: [OT]Yahoo mail
From: DvB <imasu@earthlink.net>
Date: 20 Feb 2003 14:54:45 -0600
Message-id: <[🔎] 86heaywu3u.fsf@homeip.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] C1A43A2480E7D311A69E0080C8D7F0B912CCF8@mailserv.scsenterprises.com.au>
References: <[🔎] C1A43A2480E7D311A69E0080C8D7F0B912CCF8@mailserv.scsenterprises.com.au>

David Pastern <david@scsenterprises.com.au> writes:

> Well that's cos Yahoo is *ucked - I won't use or recommend their services
> ever again. I just had my ex g/f crack my yahoo account, because of a
> weakness in their setup.  When you forget a p/w, you can do the secret
> question routine, and if someone knows you well enough there's a chance that

That's why you should never let anyone get to know you that well :-P

> they'll guess it and be able to force a request of p/w.  In itself nothing
> too bad, but when the new p/w is posted on the *ucking webpage (instead of
> being mailed to a registered account)...then that cracker can easily just
> change your p/w and log on and do what they want.  The result:  
> 

Yes, that is a pretty serious security flaw. However, I think they
probably do it because the "real" address people sign up with isn't
always valid when they request a password change (I know the one I
supplied when I singed up for mine isn't valid anymore, and I've decided
to leave it that way... which, after reading your post, might not be such
a good thing).

Anyway, sorry about your trouble and I hope you're able to continue
using Debian.

I'll digress from this, now hopelessly offtopic, thread.

Reply to:

Follow-Ups:
- Re: [OT]Yahoo mail
  - From: csj@mindgate.net

References:
- RE: [OT]Yahoo mail
  - From: David Pastern <david@scsenterprises.com.au>

Prev by Date: Re: SSL Encrypiton
Next by Date: DHCP/DNS assistance
Previous by thread: RE: [OT]Yahoo mail
Next by thread: Re: [OT]Yahoo mail
Index(es):
- Date
- Thread