[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Yahoo!

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Yahoo!
From: System Outage <system.outage@xxxxxxxxx>
Date: Wed, 7 Jul 2004 10:48:15 +0100

On Tue, 6 Jul 2004 19:08:04 -0700 (PDT), VX Dude <vxdude2003@xxxxxxxxx> wrote:
> 
> I would just like to point out that some of us who use
> yahoo enjoy their security holes, if they didnt have
> such security holes we move on to using something like
> gmail!
> 
> So please, stop telling yahoo, if they really cared,
> they'd do it on their own, and don't blab to FD
> either.  Why ruin everyone's fun for 2 inches of fame?

Heh.. Don't worry. I won't tell this list about the numerous cookie
exploits which lead to thousands, probably millions of Yahoo!
account's being compromised last year.

If only the media had picked up on it at the time. It would have been
a massive story for people like CNet News to run. Some things are ment
to be kept underground, I guess.

It's amazing the stuff that never makes it onto public security
mailing lists, and it seem's like only the small issues are post here
by security groups (for Yahoo! at least).

And about telling Yahoo! about issues. I've given up on that now. They
are ignorant people at the address security@xxxxxxxxxxxxxx They only
care for themselfs and have little public relation skills. They burnt
there bridges with me and now they'll suffer. They know I get hold of
alot of information for Yahoo! and send it to them directly at
security@xxxxxxxxxxxxx or via other employee's who send it to the
security team.

I've noticed also from past advisories on here by the big security
groups that Yahoo! Security seem to have a problem with public
relations and the lack of feedback they give people.

Anyway, it's not my problem anymore. They can find there own security
loopholes from now on. I'm finished with helping them out, as I have
done indirectly over the past 6 years and to security@xxxxxxxxxxxxx
directly for the last 1/2 years.

The script kiddies who hang on Yahoo! Chat will probably burn the
place down (and that's just the ones who claim to have carried the out
Akamia attack on Yahoo!), if they haven't managed to do so already.

Cheerio

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Gmail/Yahoo!
  - From: VX Dude

Prev by Date: Re: [Full-Disclosure] Yahoo!
Next by Date: RE: [Full-Disclosure] Wendy's Drive-up Order System Information Disclosure
Previous by thread: Re: [Full-Disclosure] Yahoo!
Next by thread: RE: [Full-Disclosure] Gmail Information Disclosure Vulnerability
Index(es):
- Date
- Thread