Date: Fri, 28 Jul 2006 23:02:34 +0000
From: n3td3v <xploitable@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: Continued threat continues

---------- Forwarded message ----------
From: n3td3v <xploitable@...il.com>
Date: Oct 25, 2005 3:59 PM
Subject: Continued threat continues
To: full-disclosure@...ts.grok.org.uk


It has been reported via the n3td3v group news wire that the group has
surpassed its 600th member, adding to speculation that the group,
hosted on the Google Groups network, is only going to grow larger.

The founder n3td3v since 1999 has been responsible for a number of
vendor-side reported incidents and vulnerabilities on the Google and
Yahoo network.

We're working with people to make the group as comfortable as possible.

Consumers are obviously being attacked via e-mail and IM right now
with phishing and pharming hacks. Although there's been a lot of
corporate user hacking going on, it's been noted, due to an up raise of
the Yahoo 360 service.

Corporate users who are socially networking via the Yahoo 360 service
are definitely a threat to corporate security. We can't see any way out
of it until Yahoo allows flexibility of privacy level for Yahoo 360,
with regards to its public social circle list.

Ultimately we've been calling for Yahoo 360 friends list to be
viewable by "friends only" by default. Allowing for this to be changed
later, by the consumer and corporate user, after "security warnings",
which we are also calling for at this time.

Right now, Yahoo 360 is a social networking service, with no option to
hide your social circles. Many users, especially corporate users, are
unaware of how exposed they've become to malicious hackers since the
service was launched in March.

The Yahoo 360 service is allowing users to transfer whole Yahoo
Messenger lists and E-mail address book lists, over to the public
Yahoo 360 service, even if the user is unaware of privacy
complications this may cause.

Many folks are just unaware of how much information they've been
giving out. It's the responsibility of Yahoo to make those corporate
and consumer users on the service aware of what they're doing, before
they do it, instead of offering to allow users to expose social
circles on the fly.

A lot of this is allowing for phishing and pharming attacks, as well as
corporate hacking of employee computers with known and unknown
vulnerabilities.

Just don't mutter the words "Yahoo 360 worm", people might get worried.

Why are Yahoo helping the growth of global trends when they don't need
to, which will also have a side effect on their own users?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
