News

Yahoo Fixing Zimbra Bug, Integrating With Exchange

Yahoo plans to resolve a password security vulnerability identified last week in its Zimbra open source e-mail and collaboration software.

Web-search advertising giant Yahoo Inc. plans to resolve a password security vulnerability identified last week in its Zimbra open source e-mail and collaboration software. On Wednesday, a Yahoo spokesperson stated by e-mail that the problem will be addressed in a few weeks' time.

Canadian computer programmer Holden Karau spotted the security problem while participating in Yahoo's University Hack Day. He found that passwords used to log onto Yahoo's e-mail service through the Zimbra client were exposed as clear text, rather than encrypted, as described on his blog.

The Yahoo spokesperson explained that security upgrades and other changes are afoot for the next beta release of Zimbra and "things will be in place in the next few weeks before the service is launched out of beta."

The security fix comes on top of news that Zimbra, which features an AJAX-based client, has achieved compatibility with formats used in other mail programs. The product is now compatible with e-mail, meeting apps, calendars and contact lists used in Microsoft Exchange and Apple Mail, according to a Yahoo announcement issued on Tuesday.

The Zimbra Collaboration Suite now has an "open extension framework" that works with Microsoft Exchange 2003. Yahoo is leaving it up to the marketplace to develop similar mail server extensions, such as for IBM's Lotus Domino or Novell's GroupWise.

Yahoo purchased Zimbra Inc., a San Mateo, Calif.-based startup, in September. Zimbra's software consists of client and server side components, with a free open source version that is currently in the beta testing phase. Yahoo also has a commercially supported edition called Zimbra Network, which has some proprietary code.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.

  • Microsoft Brings Copilot AI Into Viva Engage

    Microsoft 365 Copilot in Viva Engage is now generally available, extending Copilot's AI-powered assistant capabilities deeper into the Viva platform.

Most   Popular