Yahoo! Mail -- the Web version -- *still* does not use HTTPS for most communications AFAIK. For example, if you're using a free wi-fi hotspot at a coffee shop, and you access Yahoo! Mail via their Web interface, practically everything except your login credentials flows in the clear. A fairly unsophisticated attacker can intercept that traffic and spoof your browser -- and access all your e-mail -- for up to 7 calendar days (the default timeout).
Security professionals have been warning Yahoo! and criticizing them for a decade. Google Mail and Microsoft Hotmail, among others, don't have the problem. (Google has always encrypted its Web UI for e-mail.) Yes, implementing HTTPS costs money. So do security breaches! In short, don't access Yahoo! Mail over any network that you don't trust -- or, better yet, don't access Yahoo! Mail over the Web at all. Access via IMAP -- iPhone or iPad, as examples -- using the built-in mail client is encrypted. Access via the free Zimbra Desktop software is also encrypted, to pick another example. Or don't use Yahoo! Mail at all. -------------------------------------------------------------------------------------------------------- Timothy Sipples Resident Enterprise Architect (Based in Singapore) E-Mail: timothy.sipp...@us.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
