Keep an eye out for fake Yahoo Browser Plugins!

According to Sophos, Yahoo! recently released a browser search plugin called Yahoo! Axis for Chrome, Firefox, Safari, and IE 9.

During this release, Yahoo! accidentally included the private key used to sign the packages inside the Chrome extension package.  This means anyone who downloaded the package now has Yahoo!'s private signing key and could make their own copy of the plugin and insert malicious code.

As a safeguard, if you decide to use Yahoo! Axis, make sure you download the plugin only from Yahoo's official download site.

No comments:

Post a Comment