lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20060316142114.91771.qmail@web36914.mail.mud.yahoo.com>
Date: Thu Mar 16 14:21:22 2006
From: system_outage at yahoo.com (n3td3v group)
Subject: Yahoo recommends you write down account
	information 

I think you people are missing the point entirely. Let me tooth pick it for you since you can't work it out yourself.
   
  On http://security.yahoo.com/about_passwords.html Yahoo say, never write down your password. If you do, make sure its kept in a nuclear bunker.
   
  However, on sucessfully creating a new account at http://edit.yahoo.com/config/register the wording says "Yahoo recommends you print out this page" and gives a print out functionality link.
   
  You see, they tell you NEVER to write down your PASSWORD on one site and contradict themselves on another by recommending you print out all the information you would need to get a new password.
   
  Don't under estimate my intelligence and  Valdis, I can't see how you could possibily know the scope in my mind thought of how a print out might be used in a real life scenario. The issue of printouts isn't a problem for home users as the other poster mentioned, The threat comes more in small business and large corporations. However, I wasn't looking into the serious side of how the print out would be used to actually compromise an account. I was more having some fun with Yahoo Security (and some of those folks I know personally over IM and Email), in the way security professionals at security.yahoo.com say one advice, but then folks who setup the edit.yahoo.com/config/register are saying another. In other words, a break down in co-ordination at Yahoo between the security team and the folks who look after config/register. Anyway I spoke with someone from security last night and they confirmed it was silly, and it was going to be fixed.
   
  See you guys later,
   
  n3td3v (not system_outage :P)
  
Valdis.Kletnieks@...edu wrote:

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060316/f8a3e74a/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ