Open Source and information security mailing list archives
 
Date: Wed, 6 Feb 2008 13:22:17 +0100
From: Ferdinand Klinzer <Klinzer@....de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: What makes Yahoo! a good merger candidate?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think the address is

security@...oo.com

Cheers

Ferdinand from Germany

On 06.02.2008 at 11:58, Vincent van Scherpenseel wrote:

> Their abuse policy of course!
>
> Last week a client's server was being attacked (some old Tomcat5 vuln)
> and used to attack other servers (ssh login guessing). The results of
> these dictionary attacks were being mailed to the address
> 'blax2004us@...oo.com':
> cat vuln.txt |mail -s "Lame Gang Us Roots" blax2004us@...oo.com
>
> After I addressed the vulnerability I decided to contact yahoo.com about
> this issue. Of course the only way to do this was by browsing the
> Yahoo.com site for any abuse/security contacts. After a while I found a
> form I could use to notify them of abuse of their services. So I wrote
> them a quick explanation about what was going on including the e-mail
> address of the account used to harvest passwords.
>
> After a couple of hours I received an e-mail from 'Marcus' a Yahoo!
> Customer Care representative (44592956) asking me to provide the full
> subject and other headers from the spam I had received.
>
> After writing back kindly that I had no spam complaint but wanted to
> report the mal-use of an account of theirs I received another reply a
> little while later asking me to provide my *personal* information about
> my account and what errors I got when I tried to login. Well, I don't
> even *have* a Yahoo! account.
>
> So, what do you do when you want to report something like this? In fact
> I'm doing them a favor by reporting but all I got is this lousy
> response. I'll have to think twice about reporting something like this
> next time...
>
> Does anyone know a Yahoo! security contact that actually does his job?
>
> Kind Regards,
> Vincent van Scherpenseel
>
> -- 
> ServerFloor.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFHqaZ5ivpgT1glX4cRAoiGAKCmtLIJk0zsxBr7+DxUknYpHdm34ACcCxPx
FJpUA2qj8Bv9q7ehmt8dk60=
=e2B1
-----END PGP SIGNATURE-----
