Date: Mon Jun 12 11:32:10 2006
From: nocfed at gmail.com (nocfed)
Subject: Vulnerability in yahoo webmail.

On 6/12/06, c0ntex <c0ntexb@...il.com> wrote:
> On 12/06/06, David Loyall <david.loyall@...il.com> wrote:
> > Oh, I've CC'd abuse@...oo.com, but if someone else would give them a proper
> > write-up, and encourage them to close the hole, that'd be wonderful.
>
> I know this guy who has over 7 years of direct security influence with
> Yahoo and Google security engineers!
>

You know that you really should have replied from av3@...oo.com and attached a .shm or a .scr, right? I would definitely open any attachment sent from av3@...oo.com in a heartbeat.

Really though, that's some crappy static code. It reminds me of a 1st year programmer that replicates their same call 100 times to get 1 thing done.

I'm not quite sure how people still fall for these things... be it an executable attachment or html, that lo and behold CAN have javascript (AJAX/Web 2.0TM) in it, you should not be just opening any attachments.