Slashdot Mirror


A Medireview Approach To Stopping E-Mail Attacks

dcsmith writes: "This article at the Need To Know web site reports that the free (as in beer) e-mail arm of Yahoo has been replacing certain words in messages received by yahoo.com e-mail accounts. In an apparent attempt to forestall cross-site scripting attacks, 'mocha' becomes 'espresso' and 'free expression' becomes 'free statement'... My personal favorite - since medieval contains the text "eval", it is altered to 'medireview' ... Check Google for the number of web sites containing medireview." Kwelstr points to this story at New Scientist as well.

4 of 260 comments

  1. Low Brow Solution by anomie · Score: 2, Insightful

    This seems like a clumsy, low brow solution, not to mention the fact that they're causing their own kind of information corruption. So, if I'm searching for medieval, now I have to sit and write down the variations on the theme. The four letter combination eval pops up in thousands of words (my guess). It seems to me that this is creating one problem to try and solve another.

  2. Re:Can someone please explain... by roybadami · Score: 2, Insightful

    Personally I think a better approach would be to nuke all , and tags.

  3. Arrgh by sulli · Score: 3, Insightful

    Why not just give the user the option to STRIP OUT ALL THE FUCKING HTML IN EVERY EMAIL? I for one HATE html email - hate it with a passion - hate the slow loading and the crashing browsers and the cookies/images loaded without my permission. Add that feature and this problem goes away.

    --

    sulli
    RTFJ.
  4. "eval" != " eval "; by AmateurCoder · Score: 2, Insightful

    Come on Yahoo. When parsing a block of text how hard is it to strip white spaces and evaluate each token individually?

    Replacing a key phrase even though it is part of another word seems like an amateur mistake, don't ya think?
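
Added example, not part of the thread and not Yahoo's code: a blind substring filter, using a word list inferred from the three substitutions quoted in the story, next to the strip-all-HTML option raised in the third comment. The sample message and every function name here are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Word list inferred from the examples quoted in the story (an assumption).
SUBSTITUTIONS = {"mocha": "espresso", "expression": "statement", "eval": "review"}
# Constructed sample message body.
SAMPLE = ('<p>Notes on medieval trade &lt;b&gt;</p>'
          '<img src="x.png" onload="track()"><script>eval("1+1")</script>')


def blind_replace(body):
    """Substring replacement with no notion of HTML or word boundaries."""
    for needle, repl in SUBSTITUTIONS.items():
        body = body.replace(needle, repl)
    return body


class TextOnly(HTMLParser):
    """Keeps text nodes; drops tags, attributes and script/style bodies."""
    SKIP = ("script", "style")

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)


def strip_html(body):
    """Reduce an HTML body to plain text, then escape it for display."""
    parser = TextOnly()
    parser.feed(body)
    parser.close()
    text = " ".join(" ".join(parser.parts).split())
    return html.escape(text)  # text may contain decoded "<", so re-escape


if __name__ == "__main__":
    print(blind_replace(SAMPLE))
    print(strip_html(SAMPLE))
```

On the sample, the substring filter rewrites "medieval" to "medireview" while the `<script>` element and the `onload` attribute remain in the markup; the text-only pass leaves the word intact and returns no markup.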