On 20 Feb 2003 14:54:45 -0600, DvB wrote:
>
> David Pastern <[EMAIL PROTECTED]> writes:
>
> > Well that's cos Yahoo is *ucked - I won't use or recommend
> > their services ever again. I just had my ex g/f crack my
> > yahoo account, because of a weakness in their setup. When
> > you forget a p/w, you can do the secret question routine, and
> > if someone knows you well enough there's a chance that

Solution: change your passwords regularly, especially after an estrangement.

> That's why you should never let anyone get to know you that
> well :-P
>
> > they'll guess it and be able to force a request of p/w. In
> > itself nothing too bad, but when the new p/w is posted on the
> > *ucking webpage (instead of being mailed to a registered
> > account)...then that cracker can easily just change your p/w
> > and log on and do what they want. The result:
>
> Yes, that is a pretty serious security flaw. However, I think
> they probably do it because the "real" address people sign up
> with isn't always valid when they request a password change (I
> know the one I supplied when I signed up for mine isn't valid
> anymore, and I've decided to leave it that way... which, after
> reading your post, might not be such a good thing).

I don't consider it a flaw at all. Yahoo was one of the best free pop mail providers, and I have probably tried every provider listed in emailaddresses.com (IIRC). Yahoo has since done away with the free pop, so I have reduced my account to sucking email alerts (like the Debian Security advisory or the Marssociety newsletter) via the fetchyahoo script.

Yahoo's fine as a fallback account or as an address I'd hand out to people I don't know too well. If they turned out to be relentless spammers, I could always sign up for a new account: no questions asked. Try that with your ISP.