Full Disclosure mailing list archives
Re: AOL refuses to help AIM users
From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Tue, 4 Feb 2003 13:41:14 +0100
Hi all, McAfee has the same problem. McAfee does the virus-scanning for hotmail. I discovered a vuln in hotmail a while ago that allowed XSS and wrote a PoC virus in 100% javascript that would spread itself to everyone in the addressbook. I informed hotmail about the XSS hole: They fixed the problem within hours (go Microsoft!). I also wanted to inform McAfee that they need to update their scanners. I got a message back asking for my user registration number. I told them I wasn't a registered user asking for a helpdesk but that I was reporting a virus which their scanners did not detect. I got back another "We don't read email without your number..." email. Berend-Jan Wever PS. No! The source of the hotmail virus will not be disclosed and it doesn't work without a XSS hole in Hotmail anyway. From: "ATD" <simon () snosoft com> All, Has anyone on this list ever tried to report a security issue to AOL? I just tried to do that and was literally told, "Corporate policy states that we do not help our free users.". I said, "I suppose thats because you don't make any money off of the free users". The man on the other end of the line being their security expert then stated, "thats right". Is this how they treat their prospective clients, end users, and free users? What can we do about this? -- ATD <simon () snosoft com> Secure Network Operations, Inc. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SQL Slammer - lessons learned John . Airey (Feb 03)
- Re: SQL Slammer - lessons learned Henrik Lund Kramshøj (Feb 03)
- Re: SQL Slammer - lessons learned David Howe (Feb 03)
- <Possible follow-ups>
- Re: SQL Slammer - lessons learned David Howe (Feb 03)
- AOL refuses to help AIM users ATD (Feb 03)
- Message not available
- Re: AOL refuses to help AIM users ATD (Feb 03)
- Re: AOL refuses to help AIM users Rick Updegrove (Feb 03)
- Re: AOL refuses to help AIM users ATD (Feb 03)
- AOL refuses to help AIM users ATD (Feb 03)
- Re: AOL refuses to help AIM users Berend-Jan Wever (Feb 04)
- RE: SQL Slammer - lessons learned Paul Schmehl (Feb 05)
- Re: SQL Slammer - lessons learned Helmut Springer (Feb 05)
- Re: SQL Slammer - lessons learned David LaPorte (Feb 05)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 05)
- Re: SQL Slammer - lessons learned Niels Bakker (Feb 05)
- Re: SQL Slammer - lessons learned David Howe (Feb 06)
- Re: SQL Slammer - lessons learned Ron DuFresne (Feb 06)
- Re: SQL Slammer - lessons learned Blue Boar (Feb 06)
- Re: SQL Slammer - lessons learned Ron DuFresne (Feb 06)