[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <9CA621425D6EAE4FBBD29326CC7D11062FC758@unity-svr.Unity.local>
Date: Mon May 22 11:41:47 2006
From: Ed at unityitservices.co.uk (Edward Pearson)
Subject: Black clouds over Sunnyvale go unchecked
What drugs are you taking, and where can I buy some?
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of n3td3v
Sent: 20 May 2006 19:53
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] Black clouds over Sunnyvale go unchecked
yahoo hackers unite. yahoo is slowly but surely being taken over by a
bad element of yahoo employee. these employees are hired by each other
and fast tracked into sunnyvale. people say folks are vetted before they
are employed, although you can never have a check for social background,
the only checks possible are for criminal records. yahoo employee
hackers don't have criminal records, they are highly interlligent folks,
who have studied for years at universities. in real life its easier to
define a criminal, but when we're talking about international hackers,
there is no rule, there are no road signs. what is needed is
intelligence on the bad guys from a social point of view. it is all very
well using interviewing techniques, but with that, your intelligence
gathered at a job interview is only as good as the would-be employee
wants you to know.
you cannot save yourself from hackers getting into yahoo. once a hacker
is in yahoo, its very easy to gain the trust of co-workers.
once given a job, it would take a hell of a lot of evidence to unstick
them, and have grounds to fire them. i have intelligence on a social
level of someone who is a blackhat, every attempt to tip off yahoo and
make them convinced has failed, and you know what the worrying thing is,
this guy has hosted interviews and has successfully hired more hackers.
there is also intelligence that he wants in the long run to hire more
folks from a blackhat social background. i instant messaged and have
been e-mailing yahoo core security team for a sustained period over the
issue of the particular employee, who so far has managed to divert
attention from his activities by claiming everything is false being made
against him. a bunch of losers with a grudge, bored kids, you know, any
excuse the yahoo employee can think of to keep his reputation clean.
although this guy tipped off a blackhat hacker that his im conversations
were being monitored and this stopped further intelligence gathering
techniques being used on the blackhat the yahoo employee tipped off.
this tip-off wasn't a hear-say, there was actual proof he tipped off a
blackhat being monitored. yahoo say for their security slogan "yahoo
takes security very seriously", though when its a threat from within,
the yahoo employee is protected by his other evil blackhat friends from
within the security team. to the whitehats of yahoo, they don't even
know theres a blackhat movement going on within yahoo's work force, even
though for a long time i've been trying to convince yahoo security team
that the threat is real, and data is leaving sunnyvale and being sent to
third party contacts. this yahoo employee was originally fast tracked
into yahoo by another blackhat. since that time, the spawning of more
blackhat insiders has been continuing. eventually yahoo will have an
army of blackhat insiders letting third party contacts know exactly
whats going on. its not to say theres no money in it, often top level
google employees offer folks money for yahoo corporate data and the
likes, and of course, if the price is right then who is going to say no?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists