Aardvark Daily

Please visit the sponsor!

Yahoo/Xtra email beyond a joke

When it first happened, even I got caught out.

An innocent looking email from a friend carried the casual greeting "hi" and brief message suggesting I check out the link included in the message.

The sender was a trustworthy guy who'd provided some interesting and useful online references in the past -- and I keep my computers pretty secure so I didn't think twice about clicking it.

In the blink of an eye, I too had been pwnd by a nasty little vulnerability in the Yahoo mail system which meant that some evil little sod could now log into my account and send emails to my friends and associates containing similarly nasty links.

Since then I've been far more suspicious about unsolicited emails -- even from people I know and trust and thus, I have not been caught out again.

Yahoo and Xtra for their part quickly told the world that the problem was solved.

They lied.

Proof of that was seen when the same, or a very similar vulnerability was again exploited just a few months later -- causing Xtra to tell all their email customers to change passwords.

One would think that they must have fixed the problem after that... right?

Well events of last week would indicate that they have not. In fact, it's starting to look as if they don't have the slightest clue how to close this gaping security hole.

Around the middle of last week I started getting another wave of unsolicited "hi" videos containing links that I had no intention of clicking. Unfortunately, many, many others were not so savvy and once again a wave of infection washed across the Xtra/YahooMail ecosystem.

Once again Xtra is "investigating" the issue and once again they have told folk to change their passwords.

This is ridiculous!

When will they simply wake up to reality and realise "OMG! YahooMail is totally insecure and nobody knows how to fix it"?

The business decision is clear -- Xtra must ditch YahooMail and opt for something at least a little more secure. Goodness knows there are enough other options out there that this ought to be a no-brainer.

Yes, there will be a cost involved in migrating to such a system but that will pale into insignificance against the costs that many customers are now experiencing in terms of being unable to trust their email.

Or Xtra could take the logical step of saying "we don't do email any more" and simply telling customers to set up their own GMail, HotMail or whatever account.

When you think about it... there is no real reason for an ISP to provide email services any longer. Back in "the olden days", the ISP had to provide an email service because there were no "free" ones but the world is a much different place today.

So Xtra -- why not just reduce your account fees by $0.50 and tell everyone that email is a service that will no longer be provided as of a specified date. Remember that this would not be without precedent -- usenet was treated like this many years ago -- a service that was simply pulled without so much as a by your leave.

Or could it be that Xtra makes just too much money from its email services?

Like all Xtra customers, I have an email account -- but I have never used it so don't know what it even looks like. However, I do recall logging in once or twice, only to find my mailbox filled to bursting with spam -- how does that work? A virgin email address that has never ever sent an email receiving huge volumes of spam? Hmmmm...!

Do Xtra email accounts have advertising plastered all over them? If so, does Xtra earn a healthy amount of dosh from those ads? Could this be why they refuse to ditch Yahoo or ditch email completely?

Please visit the sponsor!

(Sorry, forums are stuffed at present)

PERMALINK to this column

Rank This Aardvark Page

Change Font