Re: [Full-Disclosure] Yahoo!



On Wed, 7 Jul 2004 19:54:59 +1000, Geoffrey Huntley <ghuntley@xxxxxxxxx> wrote:
> OMG MY E-PENIS > YOUR E-PENIS.
> 
> Jesus christ.

Yahoo! spend very little time preventing security blunders from
happening. They would rather wait until the problem comes to them than
prevent the whole thing from ever happening. Take Yahoo! Messenger
for instance. They build the client over 6 months and rush the coding.
Yahoo! care more about deadlines for projects than checking
protocols for potential vulnerabilities before release.

The end result? People get disconnected from Yahoo! Chat/Messenger or
have cookies stolen (because the system is handing them out, because
of obvious and petty flaws in the protocol) and in the end, the consumer
loses the account to script kiddies.

Why sweep up from the aftermath of a major security incident due to
messy coding, when you can take an extra month on a project to review
potential vulnerabilities, saving everyone a lot of time and energy and
money in the long run?

If every vulnerability that Yahoo! has had and still has was disclosed
on Full-Disclosure, they'd look just as bad as Microsoft do at the
moment.

Geoffrey loves my e-penis.


Cheerio

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html