lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <OFFE939232.B71ECBF8-ON86256F74.00564B40-86256F74.00579BC6@kohls.com> From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com) Subject: This sums up Yahoo!s security policy to a -T- n3td3v wrote on 12/23/2004 05:35:58 AM: > On Wed, 22 Dec 2004 17:59:25 -0800, morning_wood > <se_cur_ity@...mail.com> wrote: > > > > > What's in that mailbox is/was mine, none of your business unless I chose > > > to share it. > > > > i couldnt agree more... another case of lame, illogical media bullshit > > BRAVO YAHOO > > > > happy hollidays, > > > > m.w > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > A few pointers here to remember: > - They reckon he was saving drafts of e-mails to send when he had net > access. Not all of these drafts were sent before he was obviously > murdered. And you have proof of this...how? > - He was only using the e-mail account to communicate between friends > or family. It isn't like he has secret e-mails he wouldn't want his > family to read, example: some love affair etc with some random chick. See above question...how do you...how does anyone...have even the vaguest idea what this young man had in his email records. It's none of our business. > - Other e-mail providers like AOL have already given families access > to accounts of the e-mail used to send messages from battle. > - Sure, corporation need tight privacy policies, although if a > corporation like Yahoo! are going to be this tight, then surely there > should be an "appeal" system setup in special high profile cases, like > this one. This would be the best way to go, than putting families of > war dead, through extra pain when dealing with a loss of life. And are you quite certain (note that I don't think it's germaine whether it would help or hurt, they have no right to his mail...I'm just asking) that if the family should suddenly get access to this email only to find out that he was (remember that this is PURELY hypothetical and in no way implying that the young man was any, at all, of the following..I'm sure he was an upstanding young man doing his duty as he saw it): gay...or in love with his cousin...or in love with his sister...or having an affair with the next door neighbor's great dane...or using Yahoo! to set up a huge coke deal for when he got home...or planning on smuggling poppy-powder back with him...or...hell anything that his familiy would find shocking, hateful, distaseful, immoral, etc... that it is somehow going to make them feel better?? > - I personally think Yahoo! could easily allow them access in private, > turning a blind eye in this special circumstance. And you of course think that Yahoo! should make plans for going out of business as well? Turning a blind eye once is announcing to the world: "Hey, if we feel like it, we'll violate your privacy, and your records can be made public at our whim!" >Which as I mentioned > above, an appeal process would give room for, obviously. > - This account should at least be taken out of the deactivation > process and deletion, until all legal angles have been ventured. No it should not...see above. We hold Yahoo! (or those who use it's mail facility anyway) as a trusted entity based on their written policies. If they are willing to change them just because the situation has become high-profile (the worst possible reason by the way...that simply says that media pressure is more important than their policies), then you or I, as users of Yahoo! mail have absolutely no reason to believe that our records are safe there. > - If all else fails, its not rocket science for some hacker/script > kiddie to do the family a favour and crack the password and/or account > information and e-mail a family member the details. > > Thanks, n3td3v We're just going to have to agree to disagree...but, happy holidays anyway :) Bart _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html CONFIDENTIALITY NOTICE: This is a transmission from Kohl's Department Stores, Inc. and may contain information which is confidential and proprietary. If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is expressly prohibited. If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000. CAUTION: Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time without any further consent. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041224/b4b1f8f9/attachment.html
Powered by blists - more mailing lists