Full Disclosure mailing list archives
Re: What makes Yahoo! a good merger candidate?
From: admin () phishcop net
Date: Thu, 7 Feb 2008 08:37:32 -0800 (PST)
Their abuse policy of course! Last week a client's server was being attacked (some old Tomcat5 vuln) and used to attack other servers (ssh login guessing). The results of these dictionary attack were being mailed to the address 'blax2004us () yahoo com': cat vuln.txt |mail -s "Lame Gang Us Roots" blax2004us () yahoo com After I addressed the vulnerability I decided to contact yahoo.com about this issue. Of course the only way to do this was by browsing the Yahoo.com site for any abuse/security contacts. After a while I found a form I could use to notify them of abuse of their services. So I wrote them a quick explanation about what was going on including the e-mail address of the account used to harvest passwords. After a couple of hours I received an e-mail from 'Marcus' a Yahoo! Customer Care representative (44592956) asking me to provide a the full subject and other headers from the spam I had received.
Sorry to say, but Yahoo!'s front line support people are practically useless. You can tell them you need the phone number for the White House and they'd still ask you for the "full subject and email headers" in order to "assist us in a prompt and full investigation". I actually wonder if real people read those complaints or if they have some bot that scans for what looks like email headers and simply auto-replies if it doesn't see them?!?
After writing back kindly that I had no spam complaint but wanted to report the mal-use of an account of theirs I received another reply a little while later asking me to provide my *personal* information about my account and what errors I got when I tried to login. Well, I don't even *have* an Yahoo! account.
<see my previous paragraph>
So, what do you do when you want to report something like this? In fact I'm doing them a favor by reporting but all I got is this lousy response. I'll have to think twice about reporting something like this next time...
You're not doing Yahoo! a favor! ;^) It doesn't HURT THEM if someone is using a Yahoo! email address for illegal purposes. You're doing the potential innocent victims a favor, but that's not Yahoo!'s problem, is it??
Does anyone know an Yahoo! security contact that actually does his job?
Actually, yes, I do. The email address 'ymailabuse-prio () yahoo com' goes to REAL PEOPLE who really read the complaints and do something about them (as far as I can tell). I hope I don't lose my "complaint privileges" for having posted that email address here?? (I don't know why they make it so hard?!?) Now, if anyone can get me it touch with someone in the Google/Gmail abuse department, THEN we'd be making progress! Google/Gmail hides their contact info even more than Yahoo!, and then creates a group/forum for people to get help THATS MANNED BY OTHER USERS!!! Google/Gmail thinks they shouldn't have to help us, but we can help each other?!? Geez, talk about LAME!! Patrick Klos Phishcop Admin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: What makes Yahoo! a good merger candidate?, (continued)
- Re: What makes Yahoo! a good merger candidate? Paul Schmehl (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Valdis . Kletnieks (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Harry Hoffman (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Paul Schmehl (Feb 06)
- Re: What makes Yahoo! a good merger candidate? worried security (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Harry Hoffman (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Tonnerre Lombard (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Christian Kujau (Feb 07)
- Re: What makes Yahoo! a good merger candidate? Paul Schmehl (Feb 07)
- Re: What makes Yahoo! a good merger candidate? Valdis . Kletnieks (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Chris 'Chipper' Chiapusio (Feb 07)
- Re: What makes Yahoo! a good merger candidate? Paul Schmehl (Feb 06)
- Re: What makes Yahoo! a good merger candidate? Valdis . Kletnieks (Feb 07)