Yahoo fun

Michael Pollak mpollak at panix.com
Fri Jul 12 15:47:25 PDT 2002

Previous message: 4th July: Greensboro
Next message: Yahoo fun
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Search LBO-Talk Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort

[Getting medireview on your ass]

_ _ _____ _ __ <*the* weekly high-tech sarcastic update for the uk>
| \ | |_ _| |/ / _ __ __2002-07-12_ o join! mail an empty message to
| \| | | | | ' / | '_ \ / _ \ \ /\ / / o ntknow-subscribe at lists.ntk.net
| |\ | | | | . \ | | | | (_) \ v v / o website (+ archive) lives at:
|_| \_| |_| |_|\_\|_| |_|\___/ \_/\_/ o http://www.ntk.net/

Nice to see, in the midst of all these scandals, Yahoo

turning a healthy profit. But as other companies fiddle the

figures, Yahoo's been busy instead with fiddling its own

users' private correspondence. In a fantastically clumsy

attempt to prevent cross-site scripting attacks, the free

e-mail wing of the sprawling giant has long been replacing

complete English words in the text of HTML mail sent to its

users. Mention "mocha" in an HTML mail to a friend with a

@yahoo.com account, and your choice in coffee will be

silently switched to "espresso". Talk about "free

expression", and your recipient will think you said "free

statement". Here's the full list of swaperoos:

http://www.ntk.net/2002/07/12/yahoo.txt

- try not to mail it to your friends

This fiddling has been going on now for over a year year

(the ever vigilant RISKS digest noted it back in March

2001). But because of Yahoo's underhand methods, very few

people have spotted the turnabout - certainly far fewer than

if Yahoo had done the sensible thing and, say, "**"'ed out

the vowels in the word, or, God forbid, written a smarter

parser. But the sneakier you are, the wider the damage

spreads. The word "medieval" (since it contains the

javascript command "eval") is converted in Yahoo mail to

"medireview". Google now shows over 640 sites (and 1,150

separate instances) of the word "medireview" being used as a

synonym for medieval. University papers, bibliographies and

book reviews, Indian newspaper columnists, and endless

enthusiast sites drop it unseen into texts. People have

begun to ask where it originally came from, and does it have

a subtler meaning beyond "medieval"? Is Yahoo ever going to

fix its filters? Or is it time we pushed to get the first

regexp-obfuscated word into the Oxford English Dictionary?

http://catless.ncl.ac.uk/Risks/21.34.html

- does anyone still at Yahoo even know how to turn it off?

http://www.google.com/search?q=medireview

- NTK now entirely filled with google links

Previous message: 4th July: Greensboro
Next message: Yahoo fun
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the lbo-talk mailing list