Skip to main content

Yahoo messes up Axis browser launch with major security flaw

Yahoo messes up Axis browser launch with major security flaw
Axis-dental muck ups
Audio player loading…

Yahoo launched a new search-laden mobile browser this morning, but appeared to have forgotten a couple of teensy-weensy but ever so crucial little tiny details like, you know, robust security and terms of service.

Whoops! Yahoo Axis, which is available as an iOS browser as well as a Chrome extension, intends to cut out the usual search engine middle man by taking users straight from search query to web page.

It's an interesting one, and requires quite specific search terms to really work – for example, if we search 'bears' we're not really interested in the Chicago Bears American football team, we're rather more interested in the actual creatures of the ursine persuasion.

But because the Chicago Bears have significantly better SEO, they come top and we have to flick past them to get to Pooh and friends.


Anyway, it's worth giving it a go – and you'll be pleased to hear that those security issues have been addressed.

One developer found that the Axis Chrome extension leaks its private certificate file, making it child's play for forgers and cloners to create fake extensions that phish for users' passwords, session cookies and the rest.

As a result, Yahoo disabled the Chrome extension for a time, although it is now back up and running. Yahoo says it has "blacklisted the exposed cert key with Google which has resolved the vulnerability".

The slightly panicked statement also reads, "We take issues like this very seriously and are dedicated to working around the clock to ensure resolution."

And the terms of service, which were once just a placeholder reading "Terms will go here", are now in place so you can merrily go on not reading them safe in the knowledge that they are actually there.

So it could be a case of all's well that ends well, although the fumbled launch doesn't make the already-troubled company look particularly good.

Via The Next Web

News Editor (UK)

It's a perpetual challenge among the TechRadar staff to send Kate (Twitter, Google+) a link to something interesting on the internet that she hasn't already seen. As TechRadar's News Editor (UK), she's constantly on the hunt for top news and intriguing stories to feed your gadget lust. And having been immersed in the world of tech and tech rumours for more than six years, she can spot a photoshopped iPhone 8 image from 20 paces.