lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <351ABF9DBD9106470C4ECD82@utd59514.utdallas.edu>
Date: Wed, 06 Feb 2008 11:40:06 -0600
From: Paul Schmehl <pauls@...allas.edu>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: What makes Yahoo! a good merger candidate?

--On Wednesday, February 06, 2008 12:25:19 -0500 Harry Hoffman 
<hhoffman@...solutions.net> wrote:

> You just need to take it a step further :-)
>
> ...
> rcpt to: <nosuchuser12323123123123132124432342@...oo.com>
> 250 recipient <nosuchuser12323123123123132124432342@...oo.com> ok
> data
> 354 go ahead
> Testing
> .
>
> 554 delivery error: dd This user doesn't have a yahoo.com account
> (nosuchuser12323123123123132124432342@...oo.com) [0] -
> mta367.mail.mud.yahoo.com
> 421 Service not available, closing transmission channel.
> Connection closed by foreign host.
>
>
> Valdis.Kletnieks@...edu wrote:
>> On Wed, 06 Feb 2008 10:44:10 CST, Paul Schmehl said:
>>
>>> RCPT TO: <abuse@...oo.com>
>>> 250 recipient <abuse@...oo.com> ok
>>
>> % telnet f.mx.mail.yahoo.com 25
>> ...
>> rcpt to: <ctl-alt-cokebottle@...oo.com>
>> 250 recipient <ctl-alt-cokebottle@...oo.com> ok
>>
>> Yee. Hah.  They 250 for a probably-nonexistent account (unless that
>> one actually *does* exist? :)
>>

They're also the first mail server I've ever connected to that won't accept 
user@...ain.tld and insists on <user@...ain.tld> instead.  So, I'm not 
surprised to find that they 250 everything you type in.

I guess RFCs are even more meaningless now than they always have been.   :-(

BTW, privately I was informed that the *real* address is security@...oo-inc.com.

Who knew.

-- 
Paul Schmehl (pauls@...allas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ