Message-ID: <f67054650804141628s10948870w638be15664d94f07@mail.gmail.com>
Date: Tue, 15 Apr 2008 09:28:37 +1000
From: Pat <hermens.p@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: n3td3v has a fan

Man, and I thought your tin-foil hat conspiracy bullsh*t was bad enough
before.
Do you, as a PERSONAL MATTER, oppose Google Street View too, because
showing who parked where is a matter of national security or some other such
bullsh*t?

On a more serious note, PLEASE take your personal opinions off this list.
I don't want to block anyone on this list for fear they might actually, one
day, hopefully, come out with something intelligent so please up your game
and remove your opinion from all your future posts. I feel that this simple
move on your part, will alleviate most of the hatred this group tends to
feel for you.

On 15/04/2008, n3td3v <xploitable@...il.com> wrote:
>
> On Mon, Apr 14, 2008 at 10:44 PM, G. D. Fuego <gdfuego@...il.com> wrote:
> > Removing your private mailing list that none of us can actually post to.
>
>
> You could subscribe then you wouldn't hit the bouncer server? It's a
> public mailing list as long as you register your google account to the
> group.
>
>
> >
> >
> > > I have to contest, at Yahoo--- Mark Seiden and others said Sunnyvale
> > > isn't MI5/MI6 and that people shouldn't be stopped on premises without
> > > permission for taking photos.
> > >
> > > And I was angry that Mark Seiden and others at Yahoo weren't going to
> > > take my e-mail seriously, although later on it turns out that Yahoo
> > > non-cyber staff who patrol the grounds of Sunnyvale have stopped photo
> > > taking without permission, this has to be a good thing.
> > >
> > > The case of mine was highlighted by "ycantpark". of which flickr
> > > photos were published of the parking lots of Yahoo of employees who
> > > couldn't park, although that sent off triggers for me to send the
> > > multiple e-mail to their cyber security e-mail address to stop this
> > > happening.
> > >
> > > There are many ways the parking setup could be used against Yahoo
> > > adversaries, think car bomb, or truck bomb? It was hugely
> > > irresponsible of Yahoo to allow such photos to be taken by on-the-fly
> > > employees.
> >
> > The above section seems to state that preventing individuals from taking
> > photos on the campus is an important security measure that makes sense to
> > take.
>
>
> Why wouldn't it be, do you want your car and number plate appearing on
> flickr and the company you work at or are connected to? Think of the
> shady adversaries or intelligence services who would find that an
> interesting piece of information.
>
> Yahoo have a privacy policy for personal information on its website
> for its consumers, it also takes operational information serious, and
> the addresses and other personal info of its employees... seriously,
> apparently.
>
> The photographs, as stated on Ycantpark, they give out the make and
> model of employee car without the permission of the owner, give the
> number plate of the employee or connected partner, which links to
> their home address and other data, and not only does the owner of the
> car not know, Yahoo Inc did not know this photo session was taking
> place and was being published on the web.
>
> Dude, this is a major privacy breach of Yahoo employees, partners, and
> Yahoo Inc policy, beliefs as a whole.
>
> Back in the day when I focused on Yahoo, I found a beta group on Yahoo
> groups that was supposed to be secure, but it was available for me to
> subscribe to. I subscribed and gathered operational intelligence on
> how the inside of Yahoo was working, I passed this research to Yahoo,
> and they took steps to close it down and punish/discipline those
> involved.
>
> That's not all, one xmas, a site called stats.yahoo.com was broken into
> by known hackers, n3td3v was first on the scene to alert Yahoo, and
> they had to get their at the time stand-in-staff to bleeper the
> seniors away from their xmas turkey to attend the incident. The stats
> site, had all the names and addresses of employees and their roles and
> other personal data, Yahoo secured and eventually shut down the site.
>
> So there is plenty evidence to suggest Yahoo take its employee privacy
> and its operational data privacy seriously, but they might not
> quite realise how car models and number plates might equal the same
> type of data breach of its employees and operational data.
>
> So Yahoo do take privacy and data security seriously--in some
> cases---cars and number plates, questionable.
>
>
> >
> >
> > On Mon, Apr 14, 2008 at 5:31 PM, n3td3v <xploitable@...il.com> wrote:
> >
> > >
> > >
> > >
> > >
> > >
> > > It means you don't need to be a stranger at Yahoo Sunnyvale campus,
> > > you can be a long term employee fast tracked in by the intelligence
> > > service way back at the end of the 1990s when it was obvious Yahoo was
> > > becoming a major internet player.
> > >
> > > If Yahoo are looking for suspicious people walking around campus,
> > > think again, the intelligence service had people employed into Yahoo
> > > through the back door as soon as it was realised it was going to be an
> > > investment for the intelligence services to do so.
> > >
> >
> >
> > And here you seem to be stating that the bad guys already work at Yahoo,
> > which would make the photos piece irrelevant.
>
>
> The Ycantpark guys were employees taking photos without asking
> permission, which resulted in cars, and number plates appearing on
> flickr. It isn't known if before n3td3v protested that it was policy
> for permission to be asked, but hopefully years on that is to be the
> case.---especially if it's the intention of the employees to publish
> the photos to the web.
>
>
> n3td3v
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
