lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20100301152324.3dc9cc93@bert.cmc.net>
Date: Mon, 1 Mar 2010 15:23:24 -0800
From: brian moore <bem@....net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Yahoo! UK and US Hiring Security and Risk
 management experts

On Sat, 27 Feb 2010 12:42:30 -0800
mark seiden <mis@...oo-inc.com> wrote:

> it's true that yahoo is hiring security people, though, typically not as consultants
> but as employees -- programmers and engineers who are clueful about 
> security.  

Really?

Cause they could sure use some.... (Considering the spam I get from Yahoo, where the
Yahoo abuse people deny that web113903.mail.gq1.yahoo.com [98.136.167.123] is part of Yahoo.)

I'd say you have a serious security problem, since if that's true, someone has compromised
your DNS servers as well as records at ARIN that say Yahoo owns that network.

Received: from n64.bullet.mail.sp1.yahoo.com (n64.bullet.mail.sp1.yahoo.com [98.136.44.189])
	by mailhost.cmc.net (Postfix) with SMTP id 7CA5C29EB0A
	for <webmaster@...i.com>; Tue, 23 Feb 2010 09:59:41 -0800 (PST)

That didn't come from Yahoo, either, according to your employees.

Received: from n21.bullet.mail.mud.yahoo.com (n21.bullet.mail.mud.yahoo.com [68.142.206.160])
	by bert.cmc.net (Postfix) with SMTP id 805631F918
	for <rom@....org>; Sat, 20 Feb 2010 06:31:13 -0800 (PST)

That didn't come from Yahoo either...

Looks like someone is totally having a field day with your DNS servers and ARIN, because it certainly
can't be that your abuse staff is completely incompetent and ignoring spam complaints with lies
about it not coming from Yahoo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ