Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Yahoo! UK and US Hiring Security and Risk management experts

From: "intel unit" <n3td4v () hush ai>
Date: Mon, 01 Mar 2010 23:40:32 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yahoo has a ton of cash and a lot of experience put into make a
great experience.

But they do have those embarrassing security flaws you just
mentioned.

Also, they're not even using cellphone calling or having real
people man cracked email accounts. Instead they let 15 year old
4channers backdoor you.

The most secure way to fortify your mail to scramble your forgotten
pw's, and if you do that, and you lose your pw, You're toast.

I'm sure yahoo also has some shitty last 4 # of your CC.

Google's way of doing it is superior. They hire pakis to do that
stuff.

Yahoo is amazing is many aspects (for years they had a great
directory, and even today have superb search), but I never had the
impression that security was their strongpoint.

I wouldn't trust my mail or personal data with them.

On Mon, 01 Mar 2010 23:23:24 +0000 brian moore <bem () cmc net> wrote:

On Sat, 27 Feb 2010 12:42:30 -0800
mark seiden <mis () yahoo-inc com> wrote:


it's true that yahoo is hiring security people, though,

typically not as consultants

but as employees -- programmers and engineers who are clueful

about

security.


Really?

Cause they could sure use some.... (Considering the spam I get
from Yahoo, where the
Yahoo abuse people deny that web113903.mail.gq1.yahoo.com
[98.136.167.123] is part of Yahoo.)

I'd say you have a serious security problem, since if that's true,
someone has compromised
your DNS servers as well as records at ARIN that say Yahoo owns
that network.

Received: from n64.bullet.mail.sp1.yahoo.com
(n64.bullet.mail.sp1.yahoo.com [98.136.44.189])
      by mailhost.cmc.net (Postfix) with SMTP id 7CA5C29EB0A
      for <webmaster () kezi com>; Tue, 23 Feb 2010 09:59:41 -0800 (PST)

That didn't come from Yahoo, either, according to your employees.

Received: from n21.bullet.mail.mud.yahoo.com
(n21.bullet.mail.mud.yahoo.com [68.142.206.160])
      by bert.cmc.net (Postfix) with SMTP id 805631F918
      for <rom () rom org>; Sat, 20 Feb 2010 06:31:13 -0800 (PST)

That didn't come from Yahoo either...

Looks like someone is totally having a field day with your DNS
servers and ARIN, because it certainly
can't be that your abuse staff is completely incompetent and
ignoring spam complaints with lies
about it not coming from Yahoo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Version: Hush 3.0
Note: This signature can be verified at https://www.hushtools.com/verify

wpwEAQMCAAYFAkuMUHAACgkQwGoky+I7Eot/eAP+OJyVxW9JDzx5iV514RrCF5DOTX27
KslqXFVIVpKWLN6PscX0kKrI9bansION8Zt7wJoKO4EIdupAbpdXih4OOXBEzdxKhw2R
Tjpj2NR715Es+3DPYX5Q0doYMVtgwEWZaBJZKVVoIyTMkhIoiIxyTIkhYipU4YchUBmj
Yc0zm5I=
=K5Og
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: