lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 01 Mar 2010 23:40:32 +0000
From: "intel unit" <n3td4v@...h.ai>
To: full-disclosure@...ts.grok.org.uk, bem@....net
Subject: Re: Yahoo! UK and US Hiring Security and Risk
	management experts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yahoo has a ton of cash and a lot of experience put into make a
great experience.

But they do have those embarrassing security flaws you just
mentioned.

Also, they're not even using cellphone calling or having real
people man cracked email accounts. Instead they let 15 year old
4channers backdoor you.

The most secure way to fortify your mail to scramble your forgotten
pw's, and if you do that, and you lose your pw, You're toast.

I'm sure yahoo also has some shitty last 4 # of your CC.

Google's way of doing it is superior. They hire pakis to do that
stuff.

Yahoo is amazing is many aspects (for years they had a great
directory, and even today have superb search), but I never had the
impression that security was their strongpoint.

I wouldn't trust my mail or personal data with them.

On Mon, 01 Mar 2010 23:23:24 +0000 brian moore <bem@....net> wrote:
>On Sat, 27 Feb 2010 12:42:30 -0800
>mark seiden <mis@...oo-inc.com> wrote:
>
>> it's true that yahoo is hiring security people, though,
>typically not as consultants
>> but as employees -- programmers and engineers who are clueful
>about
>> security.
>
>Really?
>
>Cause they could sure use some.... (Considering the spam I get
>from Yahoo, where the
>Yahoo abuse people deny that web113903.mail.gq1.yahoo.com
>[98.136.167.123] is part of Yahoo.)
>
>I'd say you have a serious security problem, since if that's true,
>someone has compromised
>your DNS servers as well as records at ARIN that say Yahoo owns
>that network.
>
>Received: from n64.bullet.mail.sp1.yahoo.com
>(n64.bullet.mail.sp1.yahoo.com [98.136.44.189])
>	by mailhost.cmc.net (Postfix) with SMTP id 7CA5C29EB0A
>	for <webmaster@...i.com>; Tue, 23 Feb 2010 09:59:41 -0800 (PST)
>
>That didn't come from Yahoo, either, according to your employees.
>
>Received: from n21.bullet.mail.mud.yahoo.com
>(n21.bullet.mail.mud.yahoo.com [68.142.206.160])
>	by bert.cmc.net (Postfix) with SMTP id 805631F918
>	for <rom@....org>; Sat, 20 Feb 2010 06:31:13 -0800 (PST)
>
>That didn't come from Yahoo either...
>
>Looks like someone is totally having a field day with your DNS
>servers and ARIN, because it certainly
>can't be that your abuse staff is completely incompetent and
>ignoring spam complaints with lies
>about it not coming from Yahoo.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkuMUHAACgkQwGoky+I7Eot/eAP+OJyVxW9JDzx5iV514RrCF5DOTX27
KslqXFVIVpKWLN6PscX0kKrI9bansION8Zt7wJoKO4EIdupAbpdXih4OOXBEzdxKhw2R
Tjpj2NR715Es+3DPYX5Q0doYMVtgwEWZaBJZKVVoIyTMkhIoiIxyTIkhYipU4YchUBmj
Yc0zm5I=
=K5Og
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists