Message-ID: <44952da30608042137h38e79366m59c1108541b80329@mail.gmail.com>
Date: Sat, 5 Aug 2006 10:07:39 +0530
From: "Mike M" <mkmaxx@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: n3td3v yahoo crap
n3ntl3 wrote:
> The same happens on Yahoo Messenger file share. If the client cannot
> connect peer to peer then the file being sent will be stored on the
> server as a temp file. The Yahoo system cannot verify that the file has
> been successfully downloaded by the intended party, so the file is left
> on the server, until Yahoo decides to expire the file. What folks were
> doing is linking the temp files to victims (via any chat or e-mail), the
> file extension could be anything, so the malicious file was being used in
> virus and phishing runs. The hacker would keep rotating the temp file
> storage system, every time the file expired (which can be hours at a
> time, enough time to infect and phish your way through thousands of
> hosts), therefore you have continued storage of virus and phishing on the
> Yahoo servers, undetected. The Yahoo virus and phishing detection system
> trusts 'yahoo.com', so it isn't stored on their anti-spam URL collection
> system, and even if it did, the unique temp file URL is changing every
> rotation, every time the temp file expires, so the URL is always changing
> its character, so stayed trusted and stealth. This was being exploited by
> my connections three or so years ago, although, yahoo was contacted in
> private, I think it was treated as a non-issue. Lolz. Can someone check0r
> it out and tell me it can still be exploited today? :) I'll need to
> check0r it out too. That's Yahoo for you. Sorry to poison a Gmail thread
> with this, but it just reminded me of what we exploit on Yahoo :) haw haw
> haw... keep hax0ring peeps. I grew up with the vulnerability in my teen
> years, it was so commonplace, no one thought to report it, but eventually
> I stopped using Yahoo Messenger temp file storage for when we blocked the
> peer to peer via our programs, but yeah, I forgot to check if they
> patched it. Many good lucks and researching....I expect someone with a
> formal advisory to be posting what I'm talking about in the coming
> daze....peace out for now my homies. Long live server side temp file
> storage on Yahoo, it rocks vxers socks. Shouts to henrit@...oo-inc.com
> who was the security engineer at the time I reported it to him, so the
> buck stops at him, I believe the buck should stop with someone in YAHOO,
> and should not get away with sloppy security. mis@...den.com is still off
> the hook for the Yahoo Finance defacement (which happened last weekend),
> so I guess henri gets off with the temp storage thingy too. These people
> are paid thousands of dollars a year to detect these easy holes before
> the bad guys. Time and time again, they get paid even if security
> incidents keep happening on their turf :) Reject their wage for each
> month there's a security incident on their turf and you can be sure
> they'll suddenly have all the holes reported and patched to
> security@...oo-inc.com, yahoo stop relying on free-lance security
> researchers to tell your thousands of dollars a year ethical hackers
> about bugs, and make your researchers work for their money. The rejected
> wage packet for that month should obviously go to the free-lance
> researcher who showed up the ethical hacker for not detecting the bug
> before them. That would solve Yahoo security problems once and for all.
> Yahoo security staff, take it for granted they'll be given their wage
> regardless of what happens, that should change, to keep them on their
> toes and always worried if they're getting paid that month. In the
> security industry, getting paid should be earned not assumed. Security
> companies and corporations need to get tough with employees and security
> consultants, to make sure standards are kept in check, to guarantee
> they're working 110% to protect your network from attacks. I love you
> henri and mark, both do great work at yahoo, when you're not being hacked
Did your grammar teacher tell you about paragraphs?? Oh wait.. you were
attending the dr@m@ classes.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/