| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: y_avenger_y at ua.fm (Alex V. Lukyanenko) Subject: [SHORT ESSAY] Yahoo security "policy", booters, 12-hour account DoS and other stuff Quoting n3td3v, > Because we all know Yahoo! has no account security, so kids aged 15 > can hack an account. Yahoo! is like hacking for beginners. Its easy to > do, and therefore a great network to learn skills.. bravo Yahoo!, you > have a use after all. Hm, hm. Yahoo's rudimentary security 'features' such as account lockout policy (12 hours after several failed login attempts) is most often used as a DoS against that account owner. Plus numerous "booters" exploiting holes (read: buffer overflows) in ypager.exe, and you have a perfect way to kick someone out from chat and not let him/her/it return. They (at Yahoo) try to make it harder to write your own chat client/bot/messanger by slightly changing their CRAM (and still, it was reversed, nevermind that it nowadays consist of several MD5-like routines and is heavily obfuscated against casual reverse-engineers :P) Couldn't hold myself, this is FD after all :) -- Alex V. Lukyanenko | 86195208@icq | y_avenger_y@...fm ---- http://cards.alkar.net/
Powered by blists - more mailing lists