Re: Yahoomail - Password hacking
- Yahoo passwords are sent via https when you log in, but after that
everything is in the clear. So your Yahoo password should be safe,
but that doesn't stop people from reading your email or grabbing your
login cookies after you've already logged in.
Login cookies expire in 24 hours and which point the user would need
to supply a password again, but 24 hours is a lot of time to fiddle
around with your account (delete email, change your profile, etc).
The only positive thing is that a password is always required to view
or make account changes, so a person can't completely hijack your
account, but they can do damage.
Needless to say if you store any username and passwords in your Yahoo
Mailbox, all of that would be accessible since any mail you view would
be visible to everyone on a non-encrypted wireless network.
This doesn't just affect wireless networks either. If you are on a
LAN (eg: work or school network), then your Yahoo Mail is visible as well.
That is why Yahoo mail should use https for viewing email.
--- In Y-Mail@yahoogroups.com, John Desmond <k0tg@...> wrote:
> The real security threat is that passwords are sent in the clear.
If you are at your favorite coffee shop using their Wi-Fi access, etc
someone can capture your password as it flys by. Not to likely, but
why take the chance these days. https would go a long way.