Full Disclosure mailing list archives
Re: Yahoo! UK and US Hiring Security and Risk management experts
From: "intel unit" <n3td4v () hush ai>
Date: Mon, 01 Mar 2010 23:40:32 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yahoo has a ton of cash and a lot of experience put into make a great experience. But they do have those embarrassing security flaws you just mentioned. Also, they're not even using cellphone calling or having real people man cracked email accounts. Instead they let 15 year old 4channers backdoor you. The most secure way to fortify your mail to scramble your forgotten pw's, and if you do that, and you lose your pw, You're toast. I'm sure yahoo also has some shitty last 4 # of your CC. Google's way of doing it is superior. They hire pakis to do that stuff. Yahoo is amazing is many aspects (for years they had a great directory, and even today have superb search), but I never had the impression that security was their strongpoint. I wouldn't trust my mail or personal data with them. On Mon, 01 Mar 2010 23:23:24 +0000 brian moore <bem () cmc net> wrote:
On Sat, 27 Feb 2010 12:42:30 -0800 mark seiden <mis () yahoo-inc com> wrote:it's true that yahoo is hiring security people, though,typically not as consultantsbut as employees -- programmers and engineers who are cluefulaboutsecurity.Really? Cause they could sure use some.... (Considering the spam I get from Yahoo, where the Yahoo abuse people deny that web113903.mail.gq1.yahoo.com [98.136.167.123] is part of Yahoo.) I'd say you have a serious security problem, since if that's true, someone has compromised your DNS servers as well as records at ARIN that say Yahoo owns that network. Received: from n64.bullet.mail.sp1.yahoo.com (n64.bullet.mail.sp1.yahoo.com [98.136.44.189]) by mailhost.cmc.net (Postfix) with SMTP id 7CA5C29EB0A for <webmaster () kezi com>; Tue, 23 Feb 2010 09:59:41 -0800 (PST) That didn't come from Yahoo, either, according to your employees. Received: from n21.bullet.mail.mud.yahoo.com (n21.bullet.mail.mud.yahoo.com [68.142.206.160]) by bert.cmc.net (Postfix) with SMTP id 805631F918 for <rom () rom org>; Sat, 20 Feb 2010 06:31:13 -0800 (PST) That didn't come from Yahoo either... Looks like someone is totally having a field day with your DNS servers and ARIN, because it certainly can't be that your abuse staff is completely incompetent and ignoring spam complaints with lies about it not coming from Yahoo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Charset: UTF8 Version: Hush 3.0 Note: This signature can be verified at https://www.hushtools.com/verify wpwEAQMCAAYFAkuMUHAACgkQwGoky+I7Eot/eAP+OJyVxW9JDzx5iV514RrCF5DOTX27 KslqXFVIVpKWLN6PscX0kKrI9bansION8Zt7wJoKO4EIdupAbpdXih4OOXBEzdxKhw2R Tjpj2NR715Es+3DPYX5Q0doYMVtgwEWZaBJZKVVoIyTMkhIoiIxyTIkhYipU4YchUBmj Yc0zm5I= =K5Og -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Yahoo! UK and US Hiring Security and Risk management experts intel unit (Mar 01)