Full Disclosure mailing list archives

Re: This sums up Yahoo!'s security policy to a -T-


From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Dec 2004 16:26:22 -0500

On Mon, 27 Dec 2004 10:05:55 EST, Mary Landesman said:

> Now, if there were reason to believe that a crime had been committed and
> that evidence lies in the email, that's a different story. In such a case, I
> believe the email should be turned over to the authorities. But absent legal
> need, turning over email to a grieving parent/spouse/child is a dangerous
> and undesirable precedent.

Amen.  Absent a properly executed subpoena, Yahoo shouldn't be coughing up
the data to anybody.  IANAL, but the "No right of survivorship" would probably
trump the executor's rights.  But even there, the *right* thing for the
executor is to have a judge issue a temporary restraining order, and hand
Yahoo the TRO and say "sit on this account until a judge rules on who wins".

It's amazing that nobody on *this* list has picked up on another thing that
Yahoo has to protect against: Social engineering.  Find a Yahoo userid that
hasn't been used in a few days, and "notify" Yahoo that you're the next of kin
and they just got killed in a car crash.

Do you really *want* Yahoo to take your word for it? (Remember, although *this*
case is high-profile, and the parents were probably on TV and all that, if
I pick some random Joe Smith across town, and tell Yahoo that I'm Joe Smith Sr,
why should they fall for it?)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
