David Pastern <[EMAIL PROTECTED]> writes: > Well that's cos Yahoo is *ucked - I won't use or recommend their services > ever again. I just had my ex g/f crack my yahoo account, because of a > weakness in their setup. When you forget a p/w, you can do the secret > question routine, and if someone knows you well enough there's a chance that
That's why you should never let anyone get to know you that well :-P > they'll guess it and be able to force a request of p/w. In itself nothing > too bad, but when the new p/w is posted on the *ucking webpage (instead of > being mailed to a registered account)...then that cracker can easily just > change your p/w and log on and do what they want. The result: > Yes, that is a pretty serious security flaw. However, I think they probably do it because the "real" address people sign up with isn't always valid when they request a password change (I know the one I supplied when I singed up for mine isn't valid anymore, and I've decided to leave it that way... which, after reading your post, might not be such a good thing). Anyway, sorry about your trouble and I hope you're able to continue using Debian. I'll digress from this, now hopelessly offtopic, thread. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
