From: system.outage at gmail.com (System Outage)
Subject: Yahoo!

On Wed, 7 Jul 2004 19:54:59 +1000, Geoffrey Huntley <ghuntley@...il.com> wrote:
> OMG MY E-PENIS > YOUR E-PENIS.
> 
> Jesus christ.

Yahoo! spend very little time preventing security blunders from
happening. They would rather wait until the problem comes to them than
prevent the whole thing from ever happening. Take Yahoo! Messenger
for instance. They build the client over 6 months and rush the coding.
Yahoo! care more about deadlines for projects than checking
protocols for potential vulnerabilities before release.

The end result? People get disconnected from Yahoo! Chat/Messenger or
have cookies stolen (because the system is handing them out, because
of obvious and petty flaws on protocol) and in the end, the consumer
loses the account to script kiddies.

Why sweep up from the aftermath of a major security incident due to
messy coding, when you can take an extra month on a project to review
potential vulnerabilities, saving everyone a lot of time and energy and
money in the long run?

If every vulnerability that Yahoo! has had and still has was disclosed
on Full-Disclosure, they'd look just as bad as Microsoft do at the
moment.

Geoffrey loves my e-penis.


Cheerio

