Full Disclosure mailing list archives
Re: Yahoo security give blogger the thumbs up
From: Mark <markc () beigebox liquidev com>
Date: Sun, 12 Mar 2006 16:21:52 -0500
This isn't confidential Yahoo information. It's not even confidential ADP information -- any company who uses ADP's probusiness workcenter has subjected its employees to this ridiculous password complexity requirement. On Sun, Mar 12, 2006 at 08:41:18AM -0800, SO SECURITY RESEARCH INSTITUTE wrote:
Do you, uh, Yahoo? It appears no action will be taken against a Yahoo employee who disclosed confidential corporate side security information (with screenshots) to his weblog. This obviously gives the green light for anyone at Yahoo to do the same in the future. Why have a Yahoo policy if its not going to be inforced? Regardless of the security value of the blog entry, a clear breach of the confidentiality agreement between Yahoo and ADP has been made. Yahoo's response was "Jeremy is Jeremy, he can blog about anything he wants." Making it sound like if you're a celebrity Yahoo blogger then you can walk all over company policy. ADP were unavailable for comment at time of this message being submitted to Full-Disclosure mailing list. http://tinyurl.com/plqt3
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Yahoo security give blogger the thumbs up SO SECURITY RESEARCH INSTITUTE (Mar 12)
- Re: Yahoo security give blogger the thumbs up TheGesus (Mar 12)
- Re: Yahoo security give blogger the thumbs up Mark (Mar 12)
- Re: Yahoo security give blogger the thumbs up SO SECURITY RESEARCH INSTITUTE (Mar 12)
- Re: Yahoo security give blogger the thumbs up nocfed (Mar 13)
- Re: Yahoo security give blogger the thumbs up SO SECURITY RESEARCH INSTITUTE (Mar 12)
- Re: Yahoo security give blogger the thumbs up J.A. Terranson (Mar 12)