While we’re not picking on Yahoo — it’s just plain wrong to kick a man when he’s down — someone needs to take a look at the Axis terms and conditions page and, well, give it some terms and conditions…because right now there’s nothing there bar the holding message.
Actually, on second thoughts, given what John Muellerleile (@jrecursive) spotted earlier, perhaps leaving the section blank isn’t such a bad idea after all.
Maybe it’s just the way it pops up, but this request for permission is likely to concern more than a few people. We wonder if it will actually turn some potential users away.
Of course, these issues are small fry compared to the gaping security glitch that tech blogger Nick Cubrilovic just unearthed.
He found that the Yahoo Axis Chrome extension leaks its private certificate file, meaning it is vulnerable to being forged and cloned into fake extensions. That’s NOT good news, as he explains:
The clearest implication is that with the private certificate file and a fake extension you can create a spoofed package that captures all web traffic, including passwords, session cookies, etc.
Interestingly Microsoft’s Bing stands to gain from Axis, assuming these issues don’t put off interested users, as the search engine drops its search box on top of whatever page is being navigated.
But that is rather by-the-by right now given the security issue that has cropped up.
We’ve reached out to Yahoo for some responses and will update you with any details that we’re given.
Update: Yahoo has told us that the terms and conditions page for Axis is now live.
Pssst, hey you!
Do you want to get the sassiest daily tech newsletter every day, in your inbox, for FREE? Of course you do: sign up for Big Spam here.