Full Disclosure mailing list archives

Re: Gmail emails issue

From: n3td3v <xploitable () gmail com>
Date: Fri, 4 Aug 2006 21:50:28 +0000

On 8/4/06, Stan Bubrouski <stan.bubrouski () gmail com> wrote:


I'm reading your message in gmail and there is nothing in my temp
folder... not that i'd expect there to be.  Gmail can't just create
files on your computer without your permission, it it can your
settings are wrong or your browser is broken.  In other words if your
gmail mails are ending up in your temp folder your web browser is
putting them there...  what browser are you using BTW.  I'm using
firefox and it doesn't store my mails in the temp folder under my NT
account.

-sb



You're wrong there, lets look at Yahoo Messenger:

yupdater.exe

The above little executable stays in the default Yahoo Messenger directory
and can modify any files within that directory and sub-directories, the
yupdater.exe can create and delete any file in those directories, and has
the power to create new files and folders on the command of Yahoo. At no
time is there notification by Yahoo to the end-user. I've witnessed when
Yahoo were testing their backend anti-spam system, that blank folders were
appearing within the default Yahoo Messenger directory. If an attacker can
hack Yahoo and control everyones yupdater.exe then Yahoo will turn into a
very dark place.

Here is another executable that does discrete little directory updates to
your system without end-user interaction or notification:

YServer.exe

We tried to protest what Yahoo was doing other the years in private, and
even thought at one point about putting out trojan horses and viruses under
the same file names so Symantec etc would flag them as malware, although we
didn't

So yeah, Yahoo have the ability to and do infact modify your system without
permission :)

This is done randomly at Yahoo's own discretion and is seperate from
legitmate announced Yahoo Messenger updates :)

Its about time Yahoo came clean about yupdater.exe and YServer.exe instead
of anonymously sending commands to operating systems, to modify, delete and
create files and (or) folders without anyone knowing.

No one is saying Yahoo is doing anything evil, but what if an accident
happened? Yahoo would get its ass kicked

No one can say what unexpected modifications to folder and files might do to
individual end-user systems.

Yahoo, sort yourselves out.

Foul play

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Gmail emails issue 6ackpace (Aug 04)
- Re: Gmail emails issue Stan Bubrouski (Aug 04)
  - Re: Gmail emails issue Thomas Pollet (Aug 04)
    - Re: Gmail emails issue Peter Dawson (Aug 04)
    - Re: Gmail emails issue John Dietz (Aug 04)
    - Re: Gmail emails issue Denis Jedig (Aug 04)
    - Message not available
    - Re: Re: Gmail emails issue L. Victor (Aug 04)
    - Re: Re: Gmail emails issue John Dietz (Aug 04)
    - Re: Re: Gmail emails issue Peter Dawson (Aug 04)
    - Re: Gmail emails issue n3td3v (Aug 04)
  - Re: Gmail emails issue n3td3v (Aug 04)
    - Re: Gmail emails issue Peter Dawson (Aug 04)
    - Message not available
    - Re: Gmail emails issue L. Victor (Aug 05)
- Re: Gmail emails issue wac (Aug 05)