Yahoo messes up Axis browser launch with major security flaw

Yahoo messes up Axis browser launch with major security flaw
Axis-dental muck ups

Yahoo launched a new search-laden mobile browser this morning, but appeared to have forgotten a couple of teensy-weensy but ever so crucial little tiny details like, you know, robust security and terms of service.

Whoops! Yahoo Axis, which is available as an iOS browser as well as a Chrome extension, intends to cut out the usual search engine middle man by taking users straight from search query to web page.

It's an interesting one, and requires quite specific search terms to really work – for example, if we search 'bears' we're not really interested in the Chicago Bears American football team, we're rather more interested in the actual creatures of the ursine persuasion.

But because the Chicago Bears have significantly better SEO, they come top and we have to flick past them to get to Pooh and friends.


Anyway, it's worth giving it a go – and you'll be pleased to hear that those security issues have been addressed.

One developer found that the Axis Chrome extension leaks its private certificate file, making it child's play for forgers and cloners to create fake extensions that phish for users' passwords, session cookies and the rest.

As a result, Yahoo disabled the Chrome extension for a time, although it is now back up and running. Yahoo says it has "blacklisted the exposed cert key with Google which has resolved the vulnerability".

The slightly panicked statement also reads, "We take issues like this very seriously and are dedicated to working around the clock to ensure resolution."

And the terms of service, which were once just a placeholder reading "Terms will go here", are now in place so you can merrily go on not reading them safe in the knowledge that they are actually there.

So it could be a case of all's well that ends well, although the fumbled launch doesn't make the already-troubled company look particularly good.

Via The Next Web

News Editor (UK)

Former UK News Editor for TechRadar, it was a perpetual challenge among the TechRadar staff to send Kate (Twitter, Google+) a link to something interesting on the internet that she hasn't already seen. As TechRadar's News Editor (UK), she was constantly on the hunt for top news and intriguing stories to feed your gadget lust. Kate now enjoys life as a renowned music critic – her words can be found in the i Paper, Guardian, GQ, Metro, Evening Standard and Time Out, and she's also the author of 'Amy Winehouse', a biography of the soul star.