Bugtraq mailing list archives
Re: Yahoo! Instant Messenger
From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Tue, 16 Jan 2001 12:22:07 -0500
"Michael S. Fischer" wrote:
The third statement of this paragraph is untrue -- Almost every transaction at Yahoo! involving money uses the Yahoo! wallet system, which uses a separate password from the one used by YIM and the other "standard" (non-financial) services.
You're assuming that the person who holds both a YIM account and a
Wallet account uses a different password. I'd bet willing to wager that
near five-9's of the YIM/wallet users use the same account name and
password, thus making any disclosure of their password a problem.
--
Matthew Keller
WebMaster, Interim Network Manager &
Host Systems Analyst
Computing & Technology Services
Information Services Division
State University of New York at Potsdam
Website: http://mattwork.potsdam.edu/
PGP: http://mattwork.potsdam.edu/crypto/
Current thread:
- Yahoo! Instant Messenger Shaun O'Callaghan (Jan 15)
- Re: Yahoo! Instant Messenger Michael S. Fischer (Jan 16)
- Re: Yahoo! Instant Messenger Matthew Keller (Jan 16)
- Re: Yahoo! Instant Messenger Bill Fumerola (Jan 17)
- Re: Yahoo! Instant Messenger Matthew Keller (Jan 16)
- <Possible follow-ups>
- Re: Yahoo! Instant Messenger Josh Higham (Jan 17)
- Re: Yahoo! Instant Messenger Michael S. Fischer (Jan 16)