Re: Yahoo Multiple Vulnerabilities ( Authentication Bypass, Session Binding, Cookie Encoding Security Weakness, Cross-Site Scripting and URL Redirection )




Sebastian Gottschalk wrote:
privacy concerned wrote:

[a big long and totally unnecessary fullquote snipped]

Wow! Should you start encrypting emails in your Yahoo Mail account now?

No. You should already do so.

"You" means Yahoo Mail users. Most Yahoo Mail users do not use
encryption yet.

You can do this easily using EaSecure available at
http://www.easecure.com/ .

But isn't encryption about actual security? And damn, what about the
receiver? He must be able to decrypt it as well.

No problem. The receiver uses the EaSecure standalone client to decrypt
the message. An EaSecure message is an ".eas" attachment. You can use the
EaSecure standalone client to open the ".eas" attachment. Most Yahoo
Mail users do not have an SMTP server. EaSecure provides an SMTP server
for sending EaSecure messages using the standalone client.

Besides that, once again, you're about the last guy I would trust on
security: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.0.3705; .NET CLR 1.1.4322)

You don't have to trust me, but if you are going to use encryption at
all, you need to trust some vendor for providing you the software,
unless you write your own code from scratch.
