lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: ghuntley at gmail.com (Geoffrey Huntley)
Subject: Yahoo!

OMG MY E-PENIS > YOUR E-PENIS.

Jesus christ.

On Wed, 7 Jul 2004 10:03:14 +0100, System Outage
<system.outage@...il.com> wrote:
> Heh.. Don't worry. I won't tell this list about the numerous cookie
> exploits which lead to thousands, probably millions of Yahoo!
> account's being compromised last year.
> 
> If only the media had picked up on it at the time. It would have been
> a massive story for people like CNet News to run. Some things are ment
> to be kept underground, I guess.
> 
> It's amazing the stuff that never makes it onto public security
> mailing lists, and it seem's like only the small issues are post here
> by security groups (for Yahoo! at least).
> 
> And about telling Yahoo! about issues. I've given up on that now. They
> are ignorant people at the address security@...oo-inc.com. They only
> care for themselfs and have little public relation skills. They burnt
> there bridges with me and now they'll suffer. They know I get hold of
> alot of information for Yahoo! and send it to them directly at
> security@...oo-inc.com or via other employee's who send it to the
> security team.
> 
> I've noticed also from past advisories on here by the big security
> groups that Yahoo! Security seem to have a problem with public
> relations and the lack of feedback they give people.
> 
> Anyway, it's not my problem anymore. They can find there own security
> loopholes from now on. I'm finished with helping them out, as I have
> done indirectly over the past 6 years and to security@...oo-inc.com
> directly for the last 1/2 years.
> 
> The script kiddies who hang on Yahoo! Chat will probably burn the
> place down (and that's just the ones who claim to have carried the out
> Akamia attack on Yahoo!), if they haven't managed to do so already.
> 
> Cheerio
> 
> On Tue, 6 Jul 2004 19:08:04 -0700 (PDT), VX Dude <vxdude2003@...oo.com> wrote:
> > --- System Outage <system_outage@...oo.com> wrote:
> > > Yeah, i've contacted the Yahoo! Security Team over
> > > the past 1/2 years with various issues that they
> > > -did- follow up and patch, but did not once think to
> > > tell me about progress. It was only after I spoke to
> > > a representative of Yahoo! Security and said I was
> > > going to post all the underground security issues
> > > with Yahoo! to FD, that I received an e-mail to say
> > > sorry that we didn't contact you. We've been reading
> > > -all- mails are we've been taking further action(s),
> > > after all this time.
> > >
> > <snip>
> > >
> > > I guess the same may apply for Google Security Team.
> > > After all, Yahoo! and Google were very good
> > > partners, up until recently. Google and Yahoo! seem
> > > to have very quickly become rivals, with regards of
> > > Search and  E-mail.
> > >
> > > The things I could tell FD about Yahoo! would rock
> > > the Yahoo! Security Team to it's foundations (and
> > > they know it). Luckily for them, I have morals.
> > >
> > > Yahoo! are aware of who I am, even though they know
> > > me on another alias.
> > >
> > >
> > > Cheerio
> > >
> > <snip>
> >
> > I would just like to point out that some of us who use
> > yahoo enjoy their security holes, if they didnt have
> > such security holes we move on to using something like
> > gmail!
> >
> > So please, stop telling yahoo, if they really cared,
> > they'd do it on their own, and don't blab to FD
> > either.  Why ruin everyone's fun for 2 inches of fame?
> >
> > PS: FD keep sending those viruses.  I don't know what
> > the fuck it has to do for your cause, but it helps out
> > my cause ;p
> >
> > __________________________________
> > Do you Yahoo!?
> > New and Improved Yahoo! Mail - 100MB free storage!
> > http://promotions.yahoo.com/new_mail
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ