Can't log-in to Yahoo mail with xBrowser

Discussion in 'privacy technology' started by Paradyne, Jul 21, 2007.

Thread Status:
Not open for further replies.
  1. Paradyne

    Paradyne Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    11
    Location:
    Texas
    I get the following yahoo error msg. "The browser you're using refuses to sign in. (cookies rejected)"

    I'm using xbrowser 2.0.0.4b running on a USB drive.
    FireFox is set to accept cookies
    Adblock Plus is disabled.
    FireFox cache is set to allow 1mb.

    But when I use the old Torpark (1.5.0.7), I can log on to Yahoo mail without issue.
    Any ideas?
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yahoo scripts have been blacklisted in xB Browser because yahoo is a known compromiser of privacy, who hands over personal data for illegitimate requests.

    I highly suggest you change email addresses.

    However, you should be able to log in if it doesn't use javascript.
     
  3. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    Steve, is it possible for someone to make a log-in in some Yahoo's group list by using a different e-mail provider, like Gmail?

    Some Yahoo groups require you to be registered in order to see their archives and messages (accessing by surfing on the group website), others don't need you to be associated as a member.

    That's my only use of Yahoo services. I will never use their email again.

    So, is it possible to make a register on some Yahoo's group by using XeroBank (2.0.0.4b)?

    Also, please check this thread:

    Yahoo Sign and Seal

    https://www.wilderssecurity.com/showthread.php?t=177223

    Their cookies were being placed on a different directory, hidden on your hard drive.
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I think you can login using any yahoo id, which should work without regard to email address, such as a Yahoo Messenger account credentials.

    Regarding the Yahoo cookies, I think those may be DOM cookies, which have been disabled since. I'll give it a try out. There are some inherently messy things about firefox that I'll be speaking with Mozilla about cleaning up. This will be one of them if I can duplicate the issue.
     
  5. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    That's a relief, I found yahoo.com on XB's cookies blacklist, and I am able to remove if it's necessary.

    I was afraid, Steve, you have configured XB from the very beginning to block Yahoo in some way that only advanced users who were willing to recompile XB.exe file could fix it.

    Like I said before, I do not wish to use any Yahoo services, other than Yahoo groups who requires registered users in order to see their archives. Perhaps cookies (and Javascript) will be needed.

    What are "DOOM-super cookies", Steve?

    As for the Yahoo problem, the Yahoo sign and seal thread explains this method used by Yahoo by placing cookies using XML extension in another place of your hard drive.

    In that case, it doesn't matter how many times that user was erasing his cookies, or even not saving them.

    Xerobank and other browsers were reading this Yahoo.xml file from another directory (Documents and Settings/Program Files/Aplication Data instead of XB, Firefox and IE cookies default directories).
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Here is the horror of DOM: http://ejohn.org/blog/dom-storage/

    As for yahoo, there is probably a way to stop that. I'm not sure how they are getting access to write such a file, I'll be sure to kill that.

    There is also another flaw, that mozilla can load plugins from the registry. I may put in a checker and give users the option to kill those sneaky plugins.
     
  7. Jim Verard

    Jim Verard Registered Member

    Joined:
    Jun 5, 2007
    Posts:
    205
    English is not my native language, so I can't understand exactly what are DOM cookies. The link you provide is not helpful and there's no detailed description of what are they, and what they can do (or these info are much complicated for newbie users). Perhaps a little description can help?

    I discover these .XML files from Yahoo described on Yahoo Sign and Seal thread on the following path/directory:

    C:\Documents and Settings\user\Application Data

    They were placed on some Temporary directories with funny names (823642GASD, 7125ZJHSGD, etc.).

    So, after that (they were deleted), they were not placed on this path anymore. Never.

    Instead, they were placed on the following path (I am using Windows XP):

    C:\Documents and Settings\user\UserData

    That's a surprise for me, because these Yahoo scripts (I think they are from Yahoo, it's the same filename) were placed on the other path. I discover these days.

    I don't know how these scripts work, perhaps they are not required unless you sign the box "Remember my login/password on this computer"? I know my browser erases personal data after he is closed, however, if you don't sign this box, you will be disconected minutes after you make a login.

    Here on this thread there's a link from Yahoo explaining how they work. The explanation of this feature:

    https://www.wilderssecurity.com/showthread.php?t=177223

    http://help.yahoo.com/l/us/yahoo/security/index.html

    What is a sign and seal?

    A sign-in seal is a secret message or image that you select to help protect your account from phishing -- a scam that tries to steal your password or personal information by spoofing a legitimate web site.

    When you create a sign-in seal for your computer, you can be sure you're on a legitimate Yahoo! site each time you use this computer to sign in to Yahoo!. Just look for the custom text or image you set up on this computer. If it's not there, you might have landed on a "spoofed" site.

    Your sign-in seal is saved on the computer you created it on. If you use more than one computer or browser, you may want to create a sign-in seal for each one.

    Important: Don't create a sign-in seal on a computer you share with strangers, such as those in libraries, Internet cafes, and other public places.


    From what I realize this "script" is created and maybe a threat to your privacy, our wish to say anonymous, because Yahoo servers can read him even after you delete all cookies.

    Maybe there's a way to prevent our browser to write any data on these directories? If Xerobank can't write or record any data on these Windows XP directories.

    I noticed there's another XML (script?) file along with Yahoo, it's from Windows Update.
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Jim,

    It will please you to know I have added a security function to xB Browser 2.0.0.6a that seeks and destroys Yahoo Sign & Seal upon start.

    I am now attacking sneaky registry based plugins. Should be ready and uploaded tonight.

    Steve
     
Loading...
Thread Status:
Not open for further replies.