Slashdot Mirror


A Medireview Approach To Stopping E-Mail Attacks

dcsmith writes: "This article at the Need To Know web site reports that the free (as in beer) e-mail arm of Yahoo has been replacing certain words in messages received by yahoo.com e-mail accounts. In an apparent attempt to forestall cross-site scripting attacks, 'mocha' becomes 'espresso' and 'free expression' becomes 'free statement'... My personal favorite - since medieval contains the text "eval", it is altered to 'medireview' ... Check Google for the number of web sites containing medireview." Kwelstr points to this story at New Scientist as well.
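The substitution described in the summary above, as an added example that is not part of the original story and is not Yahoo's code: it applies the three replacements reported on this page as plain substring matches, then as whole-word matches, and compares both with HTML output encoding, which leaves the words alone. The case-insensitive matching, the function names and the sample strings are assumptions constructed for illustration.

```python
import html
import re

# Substitutions reported on this page; the matching rules are assumed.
REPLACEMENTS = {"mocha": "espresso", "expression": "statement", "eval": "review"}

# Constructed sample inputs.
SAMPLE = "We devalued the medieval mocha order after a free expression evaluation."
SAMPLE_HTML = '<script>eval("1+1")</script> medieval mocha'


def substring_filter(text):
    """Replace every occurrence, even inside longer words."""
    for bad, good in REPLACEMENTS.items():
        text = re.sub(re.escape(bad), good, text, flags=re.IGNORECASE)
    return text


def word_boundary_filter(text):
    """Same table, but only whole words are replaced."""
    for bad, good in REPLACEMENTS.items():
        pattern = r"\b" + re.escape(bad) + r"\b"
        text = re.sub(pattern, good, text, flags=re.IGNORECASE)
    return text


def encode_for_html(text):
    """Output encoding: markup characters become entities, words stay intact."""
    return html.escape(text, quote=True)


def altered_words(before, after):
    """Return (original, rewritten) pairs for the words a filter changed."""
    pairs = zip(re.findall(r"[A-Za-z]+", before), re.findall(r"[A-Za-z]+", after))
    return [(a, b) for a, b in pairs if a != b]


if __name__ == "__main__":
    print(altered_words(SAMPLE, substring_filter(SAMPLE)))
    print(altered_words(SAMPLE, word_boundary_filter(SAMPLE)))
    print(encode_for_html(SAMPLE_HTML))
```

The whole-word variant stops producing "medireview", but it still rewrites an ordinary "mocha" or "expression" in the message body, whereas encoding changes only how markup characters are rendered.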

18 of 260 comments

  1. Wow by Nept · · Score: 5, Funny

    I can't believe it...a slashdot editor actually spelled "medieval" correctly.

    --
    "Teachers leave us kids alone ..." - Roger Waters, Pink Floyd
  2. Yahoo works better... by zulux · · Score: 4, Funny

    ...than the CmdrTaco speling and gramer filterer that keeps Slashdot free of all 'dose cross syte scripting bugs that plauge windozw lusers. It werks espeshilayy well of page wisening posts the effect Internet Exploder useres as well.

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

    1. Re:Yahoo works better... by DotComVictim · · Score: 4, Funny

      What is wrong with you? You doesn't not even spell "gramer" right. The correct speling was "grahmer", like the crackers you probably doesn't not eat too.

  3. *grumble* by Kreeblah · · Score: 1, Funny

    What a medireviewly draconian policy . . .

  4. Yahoo response by naoursla · · Score: 5, Funny

    When questioned about the filter, Yahoo claimed the filter was "double plus good".

  5. The next hack by BoVLB · · Score: 2, Funny

    Of course, the next hack will be to produce e-mail that becomes a cross-site scripting attack (or criminal/tortious in some other way) after passing through Yahoo's filter. Who's going to bear the liability for that?

  6. They did a bad job on purpose by Anonymous Coward · · Score: 1, Funny

    If I was given such a stupid brain-dead project as this I wouldn't point out stupid mistakes in the project specification, I would interpret the specification in the stupid way.

    I wouldn't recommend looking for word boundaries, or inside of certain tags only and so forth.

    Then after the outcry it might get withdrawn.

    I'm posting anonymous cos I don't want my project managers to know it's me!

    Joe

  7. Re:My words not thiers by ericmc42 · · Score: 2, Funny

    It wouldn't do anything to *your* email anyways... I doubt it picks up on words that aren't spelled correctly.

  8. It's not such a bad idea! by malraid · · Score: 2, Funny

    Instead, I say they should improve it!
    They should also correct all of the mail sent by script kiddies, tHoz tHat tYp LiKe Thiz, to something more logical.

    --
    please excuse my apathy
  9. Bah by SuiteSisterMary · · Score: 4, Funny

    When they're replacing random (or not so random...) words with either 'smurf' or 'fnord,' THEN it's time to worry.

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  10. Re:Other amusing mangled words floating around by robotpants · · Score: 2, Funny

    dreviewued: 5 matches. reviewuate: 173 matches. reviewuated: 83 matches. reviewuating: 63 matches. reviewuation: 249 matches. reviewuations: 47 matches. reviewuator: 2 matches.

  11. a taste of their medicine is in order (wishing) by Anonymous Coward · · Score: 1, Funny

    Whoever out there who is working on the next, newest client-side scripting language please add a command with the name 'yaho' or 'ahoo' or something like that. That'll learn 'em!

  12. Re:Reason for changes... by Jerf · · Score: 3, Funny

    And here I thought you had meant running s/.*//g as a deliberate commentary on the average value of email going to or from Yahoo!....

  13. Re:Enh? by wdr1 · · Score: 3, Funny

    Forgive me if I'm being dense, but how does replacing the word "mocha" prevent cross-site scripting problems? Is mocha() a function in some language with semantics "format the hard drive"?

    No, nothing like that.

    "mocha" is what javascript was called before the big java hype. You'd want to replace "mocha" for the same reason you want to replace "javascript", as many browsers will still treat the two the same for backwards-compatibility reasons.

    -Bill

    --
    SlashSig Karma: Excellent (mostly affected by moderatio
  14. Do I have to change my name to .... by Medieval · · Score: 2, Funny

    Medireview ? :(

  15. multi-platform, anywhere by TheOnlyCoolTim · · Score: 3, Funny

    telnet mailserver.example.com 110

    +OK InterMail POP3 server ready.
    user exampleuser
    +OK please send PASS command
    pass examplepass
    +OK exampleuser is welcome here
    list
    +OK 1 messages
    1 719
    .
    retr 1
    +OK 719 octets

    I send you this message in order to have your advice.

    .
    dele 1
    +OK
    quit
    +OK exampleuser InterMail POP3 server signing off.

    Tim

    --
    Omnia vestra castrorum habetur nobis.
  16. Re:Low Brow Solution by PacoTaco · · Score: 3, Funny

    William F. Buckley produces one every now and then. His vocabulary is scary, and he is an incorrigible show-off.

    Personally, I think he's just a blatherskite. ;)

  17. Information corruption by Jonny+290 · · Score: 4, Funny

    I'm going to laugh when Starbucks sues the shit out of Yahoo when they order 100,000 units of mocha and get shipped 100,000 units of espresso.

    Fucking idiotic.

    --
    Hey Taco! Looks like you're using the "infinite monkeys and typewriters" scheme to generate Ask Slashdots again...