From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com)
Subject: This sums up Yahoo!s security policy to a -T-


n3td3v wrote on 12/23/2004 05:35:58 AM:

> On Wed, 22 Dec 2004 17:59:25 -0800, morning_wood 
> <se_cur_ity@...mail.com> wrote:
> >
> > > What's in that mailbox is/was mine, none of your business unless I chose
> > > to share it.
> > 
> > I couldn't agree more... another case of lame, illogical media bullshit
> > BRAVO YAHOO
> > 
> > happy holidays,
> > 
> > m.w
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > 
> 

> A few pointers here to remember:
> - They reckon he was saving drafts of e-mails to send when he had net
> access. Not all of these drafts were sent before he was obviously
> murdered.

And you have proof of this...how?

> - He was only using the e-mail account to communicate between friends
> or family. It isn't like he has secret e-mails he wouldn't want his
> family to read, example: some love affair etc with some random chick.

See above question...how do you...how does anyone...have even the vaguest 
idea what this young man had in his email records.  It's none of our 
business.


> - Other e-mail providers like AOL have already given families access
> to accounts of the e-mail used to send messages from battle.
> - Sure, corporations need tight privacy policies, although if a
> corporation like Yahoo! are going to be this tight, then surely there
> should be an "appeal" system setup in special high profile cases, like
> this one. This would be the best way to go, than putting families of
> war dead, through extra pain when dealing with a loss of life.

And are you quite certain (note that I don't think it's germane whether 
it would help or hurt, they have no right to his mail...I'm just asking) 
that if the family should suddenly get access to this email only to find 
out that he was (remember that this is PURELY hypothetical and in no way 
implying that the young man was any, at all, of the following..I'm sure he 
was an upstanding young man doing his duty as he saw it): gay...or in love 
with his cousin...or in love with his sister...or having an affair with 
the next door neighbor's great dane...or using Yahoo! to set up a huge 
coke deal for when he got home...or planning on smuggling poppy-powder 
back with him...or...hell anything that his family would find shocking, 
hateful, distasteful, immoral, etc... that it is somehow going to make them 
feel better??


> - I personally think Yahoo! could easily allow them access in private,
> turning a blind eye in this special circumstance. 

And you of course think that Yahoo! should make plans for going out of 
business as well?  Turning a blind eye once is announcing to the world: 
"Hey, if we feel like it, we'll violate your privacy, and your records can 
be made public at our whim!"

> Which as I mentioned
> above, an appeal process would give room for, obviously.
> - This account should at least be taken out of the deactivation
> process and deletion, until all legal angles have been ventured.

No it should not...see above.  We hold Yahoo! (or those who use its mail 
facility anyway) as a trusted entity based on their written policies.  If 
they are willing to change them just because the situation has become 
high-profile (the worst possible reason by the way...that simply says that 
media pressure is more important than their policies), then you or I, as 
users of Yahoo! mail have absolutely no reason to believe that our records 
are safe there.

> - If all else fails, it's not rocket science for some hacker/script
> kiddie to do the family a favour and crack the password and/or account
> information and e-mail a family member the details.
> 
> Thanks, n3td3v

We're just going to have to agree to disagree...but, happy holidays anyway :)

Bart
