From: xploitable at gmail.com (n3td3v)
Subject: Yahoo Messenger. Yahoo Mail vulnerable

Yahoo today introduced a year 10 promotion to allow users to buy a free ice cream, and view propaganda on the last 10 years of Yahoo.

The location http://birthday.yahoo.com/netrospective/ has e-mail to friend functionality. This e-mail to friend form offers no protection to Yahoo Messenger or Yahoo! Mail users.

A very evil and malicious user can flood a Yahoo! Mail user's inbox with non-stop e-mail messages. Repeated messages usually go to the bulk folder automatically. This mail to friend function at http://mtf.news.yahoo.com/mailto?url=http%3A%2F%2Fbirthday.yahoo.com%2Fnetrospective%2F&title=Yahoo!+Happy+10th+Birthday&prop=birthday&locale=us bypasses all Yahoo mail spam filters.

What's more, if the victim is a keen user of the Yahoo! Messenger service, you can bomb the victim with non-stop dialog popup boxes notifying you of new mail, because the spammed messages all go to the inbox, which the Yahoo! Messenger mail notifier keeps an eye on.

On a wider picture of things, a very evil and malicious user can slow down Yahoo's mail hardware by using your harvested e-mail addresses you've been using for phishing on the Yahoo! Mail network.

Yahoo! corporate mail is also affected by this spam vulnerability. A very evil and malicious user can bring Yahoo's internal mail system to a crawl, with your bot net, you were using to make money from marketers who were paying you to spam inboxes with under normal money making circumstances.

Thanks for your time, security community. n3td3v once again shows up Yahoo's bad security management. Here's to another ten years!!!

This is my security list, it's better than FD!! ;-) http://groups-beta.google.com/group/n3td3v

My last advisory was the Google Groups script injection vulnerability.