lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <44952da30607290732p2de28785v6ac2528c21410050@mail.gmail.com>
Date: Sat, 29 Jul 2006 20:02:40 +0530
From: "Mike M" <mkmaxx@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Continued threat continues

> From: n3td3v <xploitable@...il.com>
> Date: Oct 25, 2005 3:59 PM
> Subject: Continued threat continues
> To: full-disclosure@...ts.grok.org.uk
>
>
> It has been reported via the n3td3v group news wire that the group has
> surpassed its 600th member, adding to speculation that the group,
> hosted on the Google Groups network is only going to grow larger.
>
> The founder n3td3v since 1999 has been responsible for a number of
> vendor-side reported incidents and vulnerabilities on the Google and
> Yahoo network.
>
> We're working with people to making the group as comfortable as possible.
>
> Consumers are obviously being attacked via e-mail and IM right now
> with phishing and pharming hacks. Although theres been alot of
> corporate user hacking going on, its been noted, due to an up raise of
> the Yahoo 360 service.
>
> Corporate users with who are socially networking via Yahoo 360 service
> is definitely a threat to corporate security. We can't see any way out
> of it until Yahoo allows flexibility of privacy level for Yahoo 360,
> with regards to its public social circle list.
>
> Ultimately we've been calling for Yahoo 360 friends list to be
> viewable by "friends only" by default. Allowing for this to be changed
> later, by the consumer and corporate user, after "security warnings",
> which we are also calling for at this time.
>
> Right now, Yahoo 360 is a social networking service, with no option to
> hide your social cirlcles. Many users especially corporate users, are
> unaware of how exposed they've become to malicious hackers since the
> service was launched March.
>
> The Yahoo 360 service is allowing users to transfer whole Yahoo
> Messenger lists and E-mail address book lists, over to the public
> Yahoo 360 service, even if the user is unaware of privacy
> complications this may cause.
>
> Many folks are just unaware to how much information they've been
> giving out. Its the responsibility of Yahoo to make those corporate
> and consumer users on the service aware of what they're doing, before
> they do it, instead of offering to allow users to expose social
> circles on the fly.
>
> Alot of this is allowing for phishing and pharming attacks, as well as
> corporate hacking of employee computers with known and unkwown
> vulnerabilities.
>
> Just don't say mutter the words "Yahoo 360 worm", people might get
> worried.
>
> Why are Yahoo helping the growth of global trends when they don't need
> to, which will also have a side affect on their own users.




OMIGAWD!!! You've surpassed all previously known drama-queeniness

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ