09-27-2008, 01:45 PM
holden

that was a bit harsh, did you read the entirety of my post?

Quote:
Originally Posted by jholder
I find it odd that someone would post a blog entry, and then submit it to slashdot to create sensationalism.

Responsible engineers notify the company first, Holden, of their concern. As JJ said, this issue has been addressed, and we are taking appropriate action.
As my blog post states, I notified Yahoo! during my "hacku" presentation. They didn't seem concerned, nor did they talk with me afterwards. Regardless, users need to be informed of this since it exposes their account information, and they should take steps to avoid this (like not using Zimbra over wireless until the fix is in). I find the suggestion that I'm not responsible a little harsh. I fail to see the sensationalism in my blog post or in the slashdot story; perhaps I am just blinded by my interest in this matter.

Rather than brushing me off complaining about a lack of encryption, I think it would have been a better course of action for Yahoo!/Zimbra to publicly disclose this information to its users after I informed them, and switch the IMAP servers to require SSL to get people to download an update. Then everyone is happy (except for the bad guys).

Any chance of having my other questions answered about the Yahoo IMAP servers? I realize it's a bit of a loaded question, but it would be cool if I could still use Yahoo IMAP servers for my anti-spam project; if not, I understand the business reasons behind it (gotta make money for those pro-accounts).

Regardless, let's be civil; hot tempers are never a good thing. If we're in the same city sometime soon, give me a shout, I'll buy you a pint of beer.