Full Disclosure mailing list archives
Re: This sums up Yahoo!s security policyto a -T-
From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Dec 2004 16:26:22 -0500
On Mon, 27 Dec 2004 10:05:55 EST, Mary Landesman said:
Now, if there were reason to believe that a crime had been committed and that evidence lies in the email, that's a different story. In such a case, I believe the email should be turned over to the authorities. But absent legal need, turning over email to a grieving parent/spouse/child is a dangerous and undesirable precedent.
Amen. Absent a properly executed subpoena, Yahoo shouldn't be coughing up the data to anybody. IANAL, but the "No right of survivorship" would probably trump the executor's rights. But even there, the *right* thing for the executor is to have a judge issue a temporary restraining order, and hand Yahoo the TRO and say "sit on this account until a judge rules on who wins". It's amazing that nobody on *this* list has picked up on another thing that Yahoo has to protect against: Social engineering. Find a Yahoo userid that hasn't been used in a few days, and "notify" Yahoo that you're the next of kin and they just got killed in a car crash. Do you really *want* Yahoo to take your word for it? (Remember, although *this* case is high-profile, and the parents were probably on TV and all that, if I pick some random Joe Smith across town, and tell Yahoo that I'm Joe Smith Sr, why should they fall for it?)
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: This sums up Yahoo!s security policyto a -T- Mary Landesman (Jan 05)
- Re: This sums up Yahoo!s security policyto a -T- James Tucker (Jan 02)
- RE: [inbox] Re: This sums up Yahoo!s security policyto a -T- Exibar (Jan 01)
- Re: [inbox] Re: This sums up Yahoo!s security policyto a -T- n3td3v (Jan 01)
- RE: [inbox] Re: This sums up Yahoo!s security policyto a -T- Exibar (Jan 01)
- Re: This sums up Yahoo!s security policyto a -T- Valdis . Kletnieks (Jan 06)
- Re: This sums up Yahoo!s security policyto a -T- James Tucker (Jan 02)