Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
May 24, 2012 06:05 pm

Yahoo Includes Private Key In Source File For Axis Chrome Extension


Trailrunner7 writes "Yahoo on Wednesday launched a new browser called Axis and researchers immediately discovered that the company had mistakenly included its private signing key in the source file, a serious error that would allow an attacker to create a malicious, signed extension for a browser that the browser will then treat as authentic. The mistake was discovered on Wednesday, soon after Yahoo had launched Axis, which is both a standalone browser for mobile devices as well as an extension for Firefox, Chrome, Safari and Internet Explorer. ... Within hours of the Axis launch, a writer and hacker named Nik Cubrilovic had noticed that the source file for the Axis Chrome extension included the private PGP key that Yahoo used to sign the file. That key is what the Chrome browser would look for in order to ensure that the extension is legitimate and authentic, and so it should never be disclosed publicly."

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9YgzVxqEtyo/yahoo-includes-private-key-in-source-file-for-axis-chrome-extension

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot