Yahoo released private key of axis OOPS!

Last night Yahoo introduced Axis, a browser extension/ mobile app designed to turbo-boost Internet searching. It’s a bold new front in the Search Wars. But it was accompanied by another, less savoury release, discovered by Nik Cubrilovic, an Australian entrepreneur: Yahoo accidentally leaked its private encryption key for the Chrome version. This is part of the certificate that secure websites and browser extension bear to prove that they’re legitimately software created by who you believe to be true. The exposure of the certificate could allow a malicious coder to release code masquerading as a legitimate Yahoo app but carry out whatever data-scraping or other instructions the coder desired. Yahoo quickly apologized, and released a new version for Chrome that does not contain the offending certificate data, but the implications of the slip have yet to be concluded.

Leave a Reply

Your email address will not be published. Required fields are marked *