Full Disclosure mailing list archives

Re: Yahoo recommends you write down account information


From: n3td3v group <system_outage () yahoo com>
Date: Thu, 16 Mar 2006 06:21:14 -0800 (PST)

I think you people are missing the point entirely. Let me tooth pick it for you since you can't work it out yourself.
   
  On http://security.yahoo.com/about_passwords.html Yahoo say, never write down your password. If you do, make sure it's kept in a nuclear bunker.
   
  However, on successfully creating a new account at http://edit.yahoo.com/config/register the wording says "Yahoo recommends you print out this page" and gives a print out functionality link.
   
  You see, they tell you NEVER to write down your PASSWORD on one site and contradict themselves on another by recommending you print out all the information you would need to get a new password.
   
  Don't underestimate my intelligence and Valdis, I can't see how you could possibly know the scope in my mind thought of how a print out might be used in a real life scenario. The issue of printouts isn't a problem for home users as the other poster mentioned. The threat comes more in small business and large corporations. However, I wasn't looking into the serious side of how the print out would be used to actually compromise an account. I was more having some fun with Yahoo Security (and some of those folks I know personally over IM and Email), in the way security professionals at security.yahoo.com say one advice, but then folks who set up the edit.yahoo.com/config/register are saying another. In other words, a breakdown in co-ordination at Yahoo between the security team and the folks who look after config/register. Anyway I spoke with someone from security last night and they confirmed it was silly, and it was going to be fixed.
   
  See you guys later,
   
  n3td3v (not system_outage :P)
  
Valdis.Kletnieks () vt edu wrote:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/