Yahoo Accidentally Leaks Private Encryption Key For Axis, Its New Search System

News updates all day from your Fast Company editors.

Last night Yahoo introduced Axis, a browser extension/ mobile app designed to turbo-boost Internet searching. It's a bold new front in the Search Wars. But it was accompanied by another, less savory release, discovered by Nik Cubrilovic, an Australian entrepreneur: Yahoo accidentally leaked its private encryption key for the Chrome version. This is part of the certificate that secure websites and browser extenstion bear to prove that they're legitimately software created by who you believe to be true. The exposure of the certificate could allow a malicious coder to release code masqueradeing as a legitimate Yahoo app but carry out whatever data-scraping or other intrustions the coder desired. Yahoo quickly apologized, and released a new version for Chrome that does not contain the offending certificate data, but the implications of the slip have yet to be concluded.

To keep up with news like this, follow our main Fast Feed page throughout the day.

 

 

Add New Comment

0 Comments