Yahoo fumbles security in the Axis browser launch

While the world’s top companies do everything they can to grow stronger and control a larger share of the market, the management at Yahoo, after a turbulent season (first sacking the majority of its leaders for one reason or another, and second losing a large percentage of its business authority to competitors), has finally announced its own standalone web browser, called Axis, but the browser is an unfinished product. 🙂

According to a confirmed source, Yahoo failed to publish the “terms of service” for its new browser, thereby causing the browser to have some loopholes.

Yahoo announced it yesterday, but as we have just said, the browser is an unfinished product because the company rushed it to market.

Axis is a product by Yahoo Inc. designed to eliminate the middleman in the usual search process and take users directly from their query to the exact page they want, without the hassle of visiting third-party pages before being led to the normal query page.

That means that if the browser eventually becomes a success, Mozilla and Google Chrome, which normally redirect users to a default search engine page such as Google.com, will find a good competitor in Axis.

A few months ago, we covered Mozilla signing an agreement with Google for its official homepage, a sign that the browser is becoming more or less a supporter of Chrome’s success. Ever since then, in my own experience, Mozilla has never been that good to me due to bugs and other issues.

The vulnerability of the new Axis browser is not the only place where the company messed up: the troubled internet pioneer also left out an explanation of its terms of service, truly an unfinished product. 😛

On its official page there is text saying “Terms will go here”, which shows that the company rushed the release of the product yesterday, which is not how it is supposed to be. They were supposed to spend some time giving people a beta version of the product so that they could review it, good or bad, and help the company deliver the best that people will accept.

Since the majority of tech product users do not care to read the terms of service of most products before using them, many of them won’t notice most of these issues in the browser release. According to statistics, even fewer tech product users have ever read the terms of service to date. But my concern is about what Nik Cubrilovic, a blogger and hacker, recently described in his blog post. He said he found that the Yahoo Axis Chrome extension leaks the browser’s certificate file, thereby making it easy for counterfeit extensions to have their way:

“It is very clear that with the private certificate file and a fake extension, hackers can easily create spoofed packages that will capture all web data including web traffic, passwords, browser session cookies, etc.”

He went on to say that the easier way to get that spoofed package onto the victim’s PC would be to DNS-spoof the update URL for the extension the next time there is an update. That means that the next time the extension attempts to update, the spoofed extension will be silently installed and run by default in the browser.
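A publisher-side check for the kind of leak described above, as an added example that is not from the original article or from Yahoo: it scans an extension package before release for a bundled private key. The function names and the sample package (a placeholder header in front of a zip payload, with a fake key block) are constructed for illustration.

```python
import io
import re
import zipfile

# PEM header for any private-key type (RSA, EC, PKCS#8, encrypted PKCS#8).
PEM_PRIVATE_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
KEY_SUFFIXES = (".pem", ".key", ".p12", ".pfx")


def audit_package(package_bytes):
    """Return sorted (member_name, reason) findings for a zip or CRX package."""
    findings = []
    # zipfile locates the archive from its end-of-central-directory record,
    # so a header prepended to the zip payload does not need to be stripped.
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if PEM_PRIVATE_KEY.search(archive.read(info)):
                findings.append((info.filename, "PEM private key block"))
            elif info.filename.lower().endswith(KEY_SUFFIXES):
                findings.append((info.filename, "key-like file name"))
    return sorted(findings)


def build_sample(leak_key):
    """Constructed test package: placeholder header + zip payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("manifest.json", '{"name": "sample", "version": "1.0"}')
        archive.writestr("background.js", "// constructed sample script\n")
        if leak_key:
            # Fake key block: the body is a placeholder, not key material.
            fake_pem = ("-----BEGIN PRIVATE KEY-----\n"
                        "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY\n"
                        "-----END PRIVATE KEY-----\n")
            archive.writestr("nested/signing_key.pem", fake_pem)
    return b"Cr24" + bytes(12) + buf.getvalue()  # placeholder header bytes


if __name__ == "__main__":
    for leak in (True, False):
        result = audit_package(build_sample(leak))
        print("FAIL" if result else "OK", result)
```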

In an attempt to curb the situation, Cubrilovic said he had earlier reported the vulnerability to Yahoo but had not yet heard back from them.

“There’s also an element of openness in this vulnerability,” Cubrilovic said in his blog post. He continued: “any developer who’s familiar with how Google Chrome extensions are verified would have seen and noticed where the certificate file is located in there.”

However, in response to Cubrilovic’s post, a user identifying himself as Ethan Batraski, head of product for the Search Innovation Group at Yahoo, said the popular search company was taking the needed steps on the matter and that it would be resolved as soon as possible. Ethan said:

We recently learned of this Chrome extension vulnerability with Yahoo Axis and immediately, we have disabled the Chrome extension in order to control the situation. In addition to that, we’ve blacklisted the key with Google and it is taking into effect immediately. We take these types of issues very seriously and are working around the clock to ensure this is resolved.

Is this the end of Yahoo Axis? Absolutely not! We’ll let you know as soon as the issue is resolved.

Olawale Daniel is a business builder and psychologist, a network marketing professional, a world-class motivational speaker, a successful internet entrepreneur and a digital media strategist interested in all things mobile and digital — start-ups, media, branding. He started TechAtLast back in 2010 as a platform to quench his thirst for latest technologies. As a motivational speaker and author, Olawale has published several motivational and personal development books and he's currently working on "SUCCESS AHEAD - Don't Quit" which is billed to hit the stand by Q4 of the year. He writes regularly on his personal website on motivation and personal lifestyle and tips for network marketing success, OlawaleDaniel.com. His latest book on How to Sponsor More People in Your Network Marketing Business is still one of the best sellers in its category. He's presently working as a Health and Wellness consultant at BURN SLIM TRIM Inc., a firm that helps people regain their perfect lifestyle through state-of-the-art recent discoveries way back from nature. He's also the brain behind FOBCourse, a business university for startup entrepreneurs in Africa.