Full Disclosure mailing list archives
Re: Gmail emails issue
From: n3td3v <xploitable () gmail com>
Date: Fri, 4 Aug 2006 21:50:28 +0000
On 8/4/06, Stan Bubrouski <stan.bubrouski () gmail com> wrote:
I'm reading your message in gmail and there is nothing in my temp folder... not that i'd expect there to be. Gmail can't just create files on your computer without your permission, it it can your settings are wrong or your browser is broken. In other words if your gmail mails are ending up in your temp folder your web browser is putting them there... what browser are you using BTW. I'm using firefox and it doesn't store my mails in the temp folder under my NT account. -sb
You're wrong there, lets look at Yahoo Messenger: yupdater.exe The above little executable stays in the default Yahoo Messenger directory and can modify any files within that directory and sub-directories, the yupdater.exe can create and delete any file in those directories, and has the power to create new files and folders on the command of Yahoo. At no time is there notification by Yahoo to the end-user. I've witnessed when Yahoo were testing their backend anti-spam system, that blank folders were appearing within the default Yahoo Messenger directory. If an attacker can hack Yahoo and control everyones yupdater.exe then Yahoo will turn into a very dark place. Here is another executable that does discrete little directory updates to your system without end-user interaction or notification: YServer.exe We tried to protest what Yahoo was doing other the years in private, and even thought at one point about putting out trojan horses and viruses under the same file names so Symantec etc would flag them as malware, although we didn't So yeah, Yahoo have the ability to and do infact modify your system without permission :) This is done randomly at Yahoo's own discretion and is seperate from legitmate announced Yahoo Messenger updates :) Its about time Yahoo came clean about yupdater.exe and YServer.exe instead of anonymously sending commands to operating systems, to modify, delete and create files and (or) folders without anyone knowing. No one is saying Yahoo is doing anything evil, but what if an accident happened? Yahoo would get its ass kicked No one can say what unexpected modifications to folder and files might do to individual end-user systems. Yahoo, sort yourselves out. Foul play
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Gmail emails issue 6ackpace (Aug 04)
- Re: Gmail emails issue Stan Bubrouski (Aug 04)
- Re: Gmail emails issue Thomas Pollet (Aug 04)
- Re: Gmail emails issue Peter Dawson (Aug 04)
- Re: Gmail emails issue John Dietz (Aug 04)
- Re: Gmail emails issue Denis Jedig (Aug 04)
- Message not available
- Re: Re: Gmail emails issue L. Victor (Aug 04)
- Re: Re: Gmail emails issue John Dietz (Aug 04)
- Re: Re: Gmail emails issue Peter Dawson (Aug 04)
- Re: Gmail emails issue Thomas Pollet (Aug 04)
- Re: Gmail emails issue Stan Bubrouski (Aug 04)
- Re: Gmail emails issue n3td3v (Aug 04)
- Re: Gmail emails issue Peter Dawson (Aug 04)
- Message not available
- Re: Gmail emails issue L. Victor (Aug 05)