Full Disclosure mailing list archives
Re: Fwd: n3td3v has a fan
From: "G. D. Fuego" <gdfuego () gmail com>
Date: Mon, 14 Apr 2008 19:39:36 -0400
On Mon, Apr 14, 2008 at 6:23 PM, n3td3v <xploitable () gmail com> wrote:
On Mon, Apr 14, 2008 at 10:44 PM, G. D. Fuego <gdfuego () gmail com> wrote:Removing your private mailing list that none of us can actually post to.You could subscribe then you wouldn't hit the bouncer server? Its a public mailing list as long as you register your google account to the group.
That would work if I wanted to be subscribed to your group. "Don't Cross-Post" is a basic rule of netiquette.
I have to contest, at Yahoo--- Mark Seiden and others said Sunnyvale isn't MI5/MI6 and that people shouldn't be stopped on premises without permission for taking photos. And I was angry that Mark Seiden and others at Yahoo weren't going to take my e-mail seriously, athough later on it turns out that Yahoo non-cyber staff who patrol the grounds of Sunnyvale have stopped photo taking without permission, this has to be a good thing. The case of mine was highlighted by "ycantpark". of which flickr photos were published of the parking lots of Yahoo of employees who couldn't park, although that sent off triggers for me to send the multiple e-mail to their cyber security e-mail address to stop this happening. There are many ways the parking setup could be used against Yahoo adversaries, think car bomb, or truck bomb? It was hugely irresponsible of Yahoo to allow such photos to be taken by on-the-fly employees.The above section seems to state that preventing individuals from taking photos on the campus is an important security measure that makes sensetotake.Why wouldn't it be, do you want your car and number plate appearing on flickr and the company you work at or are connected to? Think of the shady adversaries or intelligence services who would find that an interesting peice of information.
I'm sure my car and its license plate are on the Internet somewhere. http://digital-photography-school.com/blog/photographers-rights-and-photography-privacy-advice/ This link gives basic information on what photographers are and are not allowed to do. In the "Photographer's right" section, it mentions that anyone can photographs of whatever they want in public places, or places where they have permission to do so. They specifically mention that streets are considered public. So while Yahoo may potentially have the rights to prevent you from taking pictures while on their property, they cannot prevent you from taking pictures of cars that come and go from their property. Enforcing these rules would have a real cost. There's the time of the security guards, court time if they press charges, and annoyance/inconvenience of their employees. Is that cost going to be worthwhile for the little added protection that they provide? I doubt it, but at the end of the day, its up to them to decide. Yahoo have a privacy policy for personal information on its website
for its consumers, it also takes operational information serious, and the addresses and other personal info of its employees... seriously, apparently. The photographs, as stated on Ycantpark, they give out the make and model of employee car without the permission of the owner, give the number plate of the employee or connected partner, which links to their home address and other data, and not only does the owner of the car not know, Yahoo Inc did not know this photo session was taking place and was being published on the web. Dude, this is a major privacy breach of Yahoo employees, partners, and Yahoo Inc policy, beliefs as a whole.
No, its public information. Back in the day when I focused on Yahoo, I found a beta group on Yahoo
groups that was supposed to be secure, but it was available for be to subscribed to. I subscribed and gathered operational intelligence on how the inside of Yahoo was working, I passed this research to Yahoo, and they took steps to close it down and punish/discipline those involved. Thats not all, one xmas, a site called stats.yahoo.com was broken into by known hackers, n3td3v was first on the scene to alert Yahoo, and they had to get their at the time stand-in-staff to bleeper the seniors away from their xmas turkey to attend the incident. The stats site, had all the names and addresses of employees and their roles and other personal data, Yahoo secured and eventually shut down the site.
So there is plenty evidence to suggest Yahoo take its employee privacy and its operational data privacy seriously, but they have might not quite realise how car models and number plates might equal the same type of data breach of its employees and operational data. So Yahoo do take privacy and data security seriously--in some cases---cars and number plates, questionable.
Names/Addresses/etc is legally protected PII (Personally Identifiable Information). License plates/car models are not.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Fwd: n3td3v has a fan, (continued)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 14)
- Re: Fwd: n3td3v has a fan G. D. Fuego (Apr 14)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 14)
- Re: Fwd: n3td3v has a fan Valdis . Kletnieks (Apr 14)
- Message not available
- Re: Fwd: n3td3v has a fan n3td3v (Apr 14)
- Re: Fwd: n3td3v has a fan G. D. Fuego (Apr 14)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 14)
- Re: Fwd: n3td3v has a fan G. D. Fuego (Apr 14)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 14)
- Re: Fwd: n3td3v has a fan Pat (Apr 14)
- Re: Fwd: n3td3v has a fan G. D. Fuego (Apr 14)
- Re: Fwd: n3td3v has a fan Ureleet (Apr 14)
- Re: Fwd: n3td3v has a fan Blaine Fleming (Apr 14)
- Re: Fwd: n3td3v has a fan mark seiden-via mac (Apr 15)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 16)
- Re: Fwd: n3td3v has a fan Shawn Nunley (Apr 16)
- Re: Fwd: n3td3v has a fan n3td3v (Apr 16)
- Re: Fwd: n3td3v has a fan Valdis . Kletnieks (Apr 14)
- nEtdEv is what? Pete Simpson (Apr 14)
- Re: nEtdEv is what? Ureleet (Apr 14)