lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4b6ee9310506261601d2079a9@mail.gmail.com>
Date: Mon Jun 27 00:01:47 2005
From: xploitable at gmail.com (n3td3v)
Subject: Yahoo Messenger privacy vulnerability in Yahoo 360

Hello security community,

Can someone confirm that the following is true?...

Vendor: 

Yahoo! Inc

Description:

Just when users of Yahoo Messenger had got a custom to being stealth
from friends on Yahoo Messenger and Yahoo Profiles. Yahoo 360 appeared
late March 2005, and currently takes your privacy away.

Currently Yahoo 360 is not in sync with Yahoo Messenger stealth
settings, therefore the user appears online at Yahoo 360.

The vulnerability can be exploited and written into a hackers IM
software, to have real-time online status, quickly and easily, of any
devious users who choose to hide using Yahoo Messenger's stealth
settings.

Whats more is, if a user selects *Don't display my status on Yahoo
sites* via Yahoo Messenger/Yahoo Profiles/Yahoo Members Directory, the
true and not false online status is still displayed on Yahoo 360.

Work around:

Don't use stealth settings and select "Invisible to Everyone" on your
status chooser.

Credit:

n3td3v

http://blog.360.yahoo.com/blog-DDhkxBU_KLIDKLXKywM-?p=324

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ