Yahoo fumbles security in Axis browser launch
London - Arabstoday
Yahoo made its first foray into the browser business this evening, but did it give us an unfinished product? As my colleague Rafe Needleman explains, Axis is an aggressive product designed to eliminate the middleman in the usual search process and take visitors from query process straight to the desired page. However, this doesn't appear to be the only step Yahoo skipped; the struggling Internet pioneer also left out an explanation of its terms of service. A search for those basic rules turn up a placeholder page that informs users that, "Terms will go here." Granted most users don't care about the terms of service and even fewer have actually ever read them. But more troubling is a little nugget that Yahoo apparently left in its new browser. Nik Cubrilovic, a self-described blogger and hacker, found that the Yahoo Axis Chrome extension leaks its private certificate file, making it possible to counterfeit extensions: The clearest implication is that with the private certificate file and a fake extension you can create a spoofed package that captures all web traffic, including passwords, session cookies, etc. The easiest way to get this installed onto a victims machine would be to DNS spoof the update URL. The next time the extension attempts to update it will silently install and run the spoofed extension Cubrilovic said he reported the vulnerability to Yahoo but has yet to hear back. "There is also an element of obviousness in this vulnerability," he said in his post. "Any developer who is familiar with how Chrome extensions are verified who looked at the source of this package would have seen and noticed the certificate file." CNET has contacted Yahoo for comment on the matter and will update this post when we learn more information. In a comment attached to Cubrilovic's post, a user identifying himself as Ethan Batraski, head of product for the Search Innovation Group at Yahoo, said the company was taking steps to address the vulnerability: We recently learned of this Chrome vulnerability with Yahoo Axis and immediately disabled the Chrome extension. We have blacklisted the key with Google and is taking into affect immediately.We take these type of issues very seriously and are working around the clock to ensure this is resolved.
- Wednesday ,16 August GMT 17:47 2017 NASA: let's say something to Voyager 1 on 40th anniversary of launch
GMT 09:14 2017 Wednesday ,18 October
Is facial recognition the stuff of sci-fi? Not in ChinaGMT 08:31 2017 Saturday ,23 September
Vision 2030 will take Saudi Arabia into the futureGMT 20:37 2017 Thursday ,07 September
NASA captures images of strong solar flaresGMT 20:39 2017 Wednesday ,30 August
United Technologies near deal to buy Rockwell Collins: reportGMT 13:41 2017 Saturday ,19 August
Eclipse-chasers trot the globe, addicted to Moon's shadowGMT 17:47 2017 Wednesday ,16 August
NASA: let's say something to Voyager 1 on 40th anniversary of launchGMT 16:41 2017 Friday ,11 August
Asteroid to shave past Earth on Oct 12: ESAGMT 21:32 2017 Tuesday ,18 July
Japanese engineers develop headset-less VR system
Argentine peso starts to recover after two days of crashes
Buenos Aires - AFP
Argentina's peso began to recover on Friday as markets opened, making a tiny 0.68 percent gain after losing 20 percent of its value against the dollar over the previous twoTo partake in Beiteddine Festivals
Singer Bruni arrives in Beirut Sunday evening
Beirut - NNA
French renowned singer and supermodel, Carla Bruni, is expected to arrive this evening at Rafic Hariri International Airport in Beirut, accompanied by her husband, former French President Nicolas Sarkozy. BruniIn France
Microsoft to open 4 data centres
Paris - Al Maghrib Today
Microsoft is to open 4 data storage centers in France to meet strong customer demand for cloud computing, the head of the software giant's French operations told the Agence France-Presse onVAR in Champions League only from 2019-20 season
Moscow - AFP
UEFA are set to wait until next season before introducing Video Assistant Referees (VAR) in the Champions League, although they are still not ruling out having it in this season's final, president Aleksander Ceferin said on Friday. Ceferin has soFor $11.6 bn
Sanofi buys US haemophilia treatment firm
Paris - Al Maghrib Today
French pharmaceutical firm Sanofi said Monday it had reached an agreement to purchase US biotech company Bioverativ, which specialises in treatments for haemophilia and rare blood disorders, for $11.6 billion. Sanofi's chief executive Olivier Brandicourt said the acquisition "enhances itsParis show pays homage
To 'eternal style' of late Alaia
Paris - Al Maghrib Today
Two months after legendary designer Azzedine Alaia's sudden death plunged the fashion world into mourning, an exhibition in homage to the "King of Cling" opened Monday in his studios in Paris. The Tunisian-born designer, renowned for the way his clothes hugged the body, died suddenly in November aged 82, reportedly of heart failure after falling down the stairs at his home. The diminutive maverick, who ignored fashion week convention by showing when and where he wanted, in July produced his first couture collection in six years to rapturous reviews. Now some of his most iconic dresses are going on display in the glass-roofed gallery next to his studio and home in the Marais district where he used to show his creations. It includes the dress worn by supermodel Naomi Campbell, his longtime friend and muse, when she led hisGMT 09:22 2018 Monday ,22 January
Skincare PR Performance Full Year 2017GMT 11:03 2018 Wednesday ,24 January
New hunt for flight MH370 gets under wayGMT 10:57 2017 Thursday ,21 December
Modern colorful bedroom renovationGMT 13:56 2018 Tuesday ,23 January
Puigdemont candidate for Catalan presidentGMT 10:47 2018 Wednesday ,24 January
Turkey detains dozens moreGMT 15:43 2011 Wednesday ,27 July
Bateson report: Monkey research can be improved
GMT 15:26 2015 Wednesday ,05 August
19 things homeowners can do to save money
GMT 21:36 2015 Tuesday ,04 August
Militants kill local official in Southern Somalia
GMT 11:21 2015 Saturday ,19 December
Humanitarian and development work should keep pace with, and benefit from technology developmentsGMT 12:52 2011 Wednesday ,09 November
Talks on Greek coalition drag into third day
GMT 12:44 2017 Saturday ,04 March
Plastic artist to present 50 paintings
GMT 09:10 2017 Thursday ,02 February
Putin heads to Hungary for Orban meet
GMT 06:25 2016 Sunday ,22 May
7 armed group members captured dead in fighting
GMT 20:51 2014 Monday ,08 December
Triathlon a milestone for Bahrain
GMT 11:31 2014 Friday ,17 January
2 gunmen killed in a firefight north of Baghdad
GMT 01:00 2017 Thursday ,23 March
30 seconds with CEO of Innoventures EducationGMT 16:48 2012 Saturday ,15 December
Major UN climate change report draft leaked online
GMT 18:05 2017 Sunday ,17 September
Russia denies claim of airstrike on US-backed Syrian forceGMT 16:36 2011 Sunday ,16 October
Saddam daughter \'wants to publish his memoirs\'
GMT 19:25 2015 Friday ,07 August
Bahrain suspends pro-opposition newspaperGMT 17:08 2011 Thursday ,14 July
Protesters block Shell facility in Nigeria
GMT 09:10 2016 Tuesday ,16 August
China launches world first quantum satellite
GMT 01:55 2017 Wednesday ,22 February
Russia implicated in MH17 crash in Ukraine
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Send your comments
Your comment as a visitor