From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: This sums up Yahoo!s security policyto a -T- 

On Mon, 27 Dec 2004 10:05:55 EST, Mary Landesman said:

> Now, if there were reason to believe that a crime had been committed and
> that evidence lies in the email, that's a different story. In such a case, I
> believe the email should be turned over to the authorities. But absent legal
> need, turning over email to a grieving parent/spouse/child is a dangerous
> and undesirable precedent.

Amen.  Absent a properly executed subpoena, Yahoo shouldn't be coughing up
the data to anybody.  IANAL, but the "No right of survivorship" would probably
trump the executor's rights.  But even there, the *right* thing for the
executor is to have a judge issue a temporary restraining order, and hand
Yahoo the TRO and say "sit on this account until a judge rules on who wins".

It's amazing that nobody on *this* list has picked up on another thing that
Yahoo has to protect against: Social engineering.  Find a Yahoo userid that
hasn't been used in a few days, and "notify" Yahoo that you're the next of kin
and they just got killed in a car crash.

Do you really *want* Yahoo to take your word for it? (Remember, although *this*
case is high-profile, and the parents were probably on TV and all that, if
I pick some random Joe Smith across town, and tell Yahoo that I'm Joe Smith Sr,
why should they fall for it?)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041227/1ced2859/attachment.bin

Powered by blists - more mailing lists