
Re: [OT]Yahoo mail



On 20 Feb 2003 14:54:45 -0600,
DvB wrote:
> 
> David Pastern <david@scsenterprises.com.au> writes:
> 
> > Well that's cos Yahoo is *ucked - I won't use or recommend
> > their services ever again. I just had my ex g/f crack my
> > yahoo account, because of a weakness in their setup.  When
> > you forget a p/w, you can do the secret question routine, and
> > if someone knows you well enough there's a chance that

Solution: change your passwords regularly, especially after an
estrangement.

> That's why you should never let anyone get to know you that
> well :-P
> 
> > they'll guess it and be able to force a request of p/w.  In
> > itself nothing too bad, but when the new p/w is posted on the
> > *ucking webpage (instead of being mailed to a registered
> > account)...then that cracker can easily just change your p/w
> > and log on and do what they want.  The result:
> 
> Yes, that is a pretty serious security flaw. However, I think
> they probably do it because the "real" address people sign up
> with isn't always valid when they request a password change (I
> know the one I supplied when I signed up for mine isn't valid
> anymore, and I've decided to leave it that way... which, after
> reading your post, might not be such a good thing).

I don't consider it a flaw at all. Yahoo was one of the best free
pop mail providers, and I have probably tried every provider
listed in emailaddresses.com (IIRC). Yahoo has since done away
with the free pop, so I have reduced my account to sucking email
alerts (like the Debian Security advisory or the Marssociety
newsletter) via the fetchyahoo script.

Yahoo's fine as a fallback account or as an address I'd hand out
to people I don't know too well. If they turned out to be
relentless spammers, I could always sign up for a new
account: no questions asked. Try that with your ISP.


