lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: xploitable at gmail.com (n3td3v)
Subject: Yahoo security and privacy

On Tue, 04 Jan 2005 14:18:49 +0200, Alex V. Lukyanenko
<y_avenger_y@...fm> wrote:
> 
> Quoting n3td3v,
> > Because we all know Yahoo! has no account security, so kids aged 15
> > can hack an account. Yahoo! is like hacking for beginners. Its easy to
> > do, and therefore a great network to learn skills.. bravo Yahoo!, you
> > have a use after all.
> Hm, hm. Yahoo's rudimentary security 'features' such as account
> lockout policy (12 hours after several failed login attempts) is most
> often used as a DoS against that account owner.
> Plus numerous "booters" exploiting holes (read: buffer overflows) in
> ypager.exe, and you have a perfect way to kick someone out from chat
> and not let him/her/it return.
> They (at Yahoo) try to make it harder to write your own chat
> client/bot/messanger by slightly changing their CRAM (and still, it
> was reversed, nevermind that it nowadays consist of several MD5-like
> routines and is heavily obfuscated against casual reverse-engineers
> :P)
> 
> Couldn't hold myself, this is FD after all :)
> 
> --
> Alex V. Lukyanenko | 86195208@icq | y_avenger_y@...fm
> ----
> http://cards.alkar.net/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

Thats the least of it. Yahoo! Messenger has no privacy. You can detect
people who are invisible easily. A friend has developed a good open
source project at buddy-spy.com You might want to check that out.
Yahoo! Messenger team are scrambling to build a brand new robust and
secure protocol for 2005, to particularly stop kids and vulnerable
females from getting unwanted attention through the fundamental
privacy flaws in the protocol my friend has been able to use to
develop buddy-spy.

If you're worried about your kids saftey on Yahoo! messenger, don't
use it. At least until privacy flaws have been fixed.

I could continue the list of Yahoo! glitches and flaws, but i'll leave
it at the lack of privacy on Yahoo! Messenger for now.

n3td3v, the greatest!
Yahoo sec admins are no use.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ