WebApp Sec mailing list archives

yahoo mail login security

From: Ace123 <flace9 () gmail com>
Date: Sun, 30 Apr 2006 13:25:37 +0530

Clicking on "Why this is secure" link on the yahoo login page gives this:

"Yahoo! now submits your ID and password securely via SSL (Secure
Sockets Layer) encryption. This means that your personal information
is more secure every time you sign in.

In the past, Yahoo! used a challenge-response mechanism to protect
passwords using MD5. Passwords were scrambled using a one-way hash, so
that they could not be converted to clear text."


What could be the reasons why yahoo changed their login security mechanism?

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------

Current thread:

yahoo mail login security Ace123 (Apr 30)
- Re: yahoo mail login security Andrew van der Stock (May 01)
- <Possible follow-ups>
- Re: yahoo mail login security ROB DIXON (May 01)
- RE: yahoo mail login security Matt Fisher (May 01)
- Re: yahoo mail login security Ace123 (May 01)
  - Re: yahoo mail login security Sels, Roger (May 03)
    - Re: yahoo mail login security Ace123 (May 03)
    - Re: yahoo mail login security Sels, Roger (May 03)
- Re: Re: yahoo mail login security Damon Leung (May 03)
  - Re: Re: yahoo mail login security Darren Bounds (May 04)
    - Re: Re: yahoo mail login security Prakash Kailasa (May 05)

(Thread continues...)