Full Disclosure mailing list archives
Social engineering alert on Yahoo IM
From: n3td3v <xploitable () gmail com>
Date: Fri, 15 Apr 2005 14:35:01 +0100
---------- Forwarded message ---------- From: n3td3v <xploitable () gmail com> Date: Apr 3, 2005 11:00 PM Subject: Social engineering alert on Yahoo IM To: Yahoo Security Contact <security () yahoo-inc com> markiseiden (21:18:41): hi markiseiden (21:18:42): i seem to be one of your 4 "friends" on y360 n3td3v (21:19:10): I took everyone off markiseiden (21:20:05): i sent you some queries last week about sending you a t shirt which you might want, but i need to know a size and postal addr n3td3v (21:20:29): I don't feel good about giving out my home address over the net markiseiden (21:20:43): don't you have any postal address which you consider safe enough to give out n3td3v (21:20:55): Not reall markiseiden (21:20:55): whereby something will get to you? n3td3v (21:21:07): I don't work markiseiden (21:21:25): got any friends who work, or are they all slackers? n3td3v (21:21:59): I keep my internet life sperate from my friends markiseiden (21:22:23): wow, i'm impressed. i haven't been able to do that for more than 20 years. n3td3v (21:22:59): I don't smell of roses though markiseiden (21:23:11): do you, in fact live in edinburgh? markiseiden (21:23:31): just curious, nice place (last time i was there) n3td3v (21:24:16): I don't want to state my *exact* location n3td3v (21:24:52): edinburgh is the nearest place people know n3td3v (21:25:04): who live out of UK n3td3v (21:25:15): so I say edinburgh markiseiden (21:25:33): but you live someplace rural rather than urban) markiseiden (21:26:16): i was in kyoto a few weeks ago, visiting a friend who lives in a house with rice paper walls and outdoor plumbing (both bath and toilet) ... markiseiden (21:26:29): but he had a fiber connection. n3td3v (21:26:35): I've been to kyoto n3td3v (21:26:51): Thats in Japan right? n3td3v (21:27:00): I backpacked Japan years ago markiseiden (21:27:21): yes. n3td3v (21:27:43): Random people walk upto you because they don't see many westerners n3td3v (21:27:50): and shake your hand n3td3v (21:27:56): Its surreal markiseiden (21:27:59): when backpacking, yes. markiseiden (21:29:26): or bicycling, particularly in the country. (but in japanese cities, there are western tourists everywhere). n3td3v (21:30:00): Yeah that was the case in toyko markiseiden (21:31:23): well, if you can think of someone who is willing to accept a t shirt and get it to you, get in touch. it will come from an anonymous sender in sunnyvale. n3td3v (21:31:51): Do you work at Yahoo or something? markiseiden (21:32:12): yes n3td3v (21:32:59): Why should I surrender my info, if you want to send it as anonymous sender. Thats not very fair is it. Plus I don't know you yet,a dn how do I know this isn't just a neat trick to get my address n3td3v (21:33:09): I'm not that gullible markiseiden (21:33:11): you could google me for bona fides markiseiden (21:33:22): honestly, i don't think anyone is out to get you. n3td3v (21:33:28): That proves nothing markiseiden (21:33:36): well, nothing proves anything. markiseiden (21:33:53): if you don't want a t shirt, fine. markiseiden (21:34:01): if you do, also, fine. markiseiden (21:34:06): just tell me how to get it to you. n3td3v (21:34:16): You can have a great Google query, and still want my home address or location for some reason, thats not in my best interest markiseiden (21:34:38): look, if you google me you will see i have a reputation for some things, and you could read my postings over the last n years. n3td3v (21:34:57): Even if I set up a POBOX, someone could still sit outside and follow me back to my home or whatever markiseiden (21:35:32): yeah, if you're a terrorist or major criminal someone might do that. n3td3v (21:36:08): Or some insane guy with a grudge who wants to harm you, even n3td3v (21:36:21): I have online enemies n3td3v (21:36:28): I don't know you yet markiseiden (21:36:34): you mistake me for someone who gives a damn. n3td3v (21:36:39): I don't know how sincere your intentions are markiseiden (21:37:13): well, google me and get back if you get a better feeling. i don't know how else to reassure you. markiseiden (21:37:22): oh, did you go to ccc in berlin earlier this year? markiseiden (21:37:29): over xmas, i mean n3td3v (21:37:32): Whats ccc? markiseiden (21:37:43): chaos computer club/communication conference markiseiden (21:38:00): i guess you only hack yahoo and not in general in europe) n3td3v (21:38:14): Nah, I live my life on a shoe string. I don't have the money to travel around. n3td3v (21:38:19): I don't hack Yahoo n3td3v (21:39:36): Your being pretty forceful before I even know you n3td3v (21:39:58): What team at Yahoo are you at? n3td3v (21:40:04): security? markiseiden (21:40:13): you can if you have a high speed connection see a talk i gave with barry wels at ccc n3td3v (21:40:55): Are you at home right now or on a corporate computer? n3td3v (21:41:06): See, I can ask wierd uncomfortable questions as well markiseiden (21:41:07): home n3td3v (21:41:20): Whats your home address? markiseiden (21:41:24): where would i be on sunday morning n3td3v (21:41:42): I want to send you a t-shirt markiseiden (21:41:50): i have 2 of them but i have a po box and a work address markiseiden (21:42:14): both of which provide a bit of personal separation. n3td3v (21:42:21): I'd rather have your home address, unless your a terrorist or online criminal markiseiden (21:42:34): i said i don't care what address i send it to. markiseiden (21:43:20): do you have a fast enough connection to download a big media file? let me see if i can find our online ccc talk... n3td3v (21:43:34): I use a DUN connection markiseiden (21:44:18): yikes, well that would never do, it's 500MB. n3td3v (21:45:11): What team at Yahoo are you with n3td3v (21:45:16): security? markiseiden (21:45:54): it's not called that. n3td3v (21:46:09): Whats it called n3td3v (21:46:21): incident response? markiseiden (21:47:10): here's a bio. you can click on the events link and see the slides. http://www.ccc.de/congress/2004/fahrplan/speaker/162.en.html n3td3v (21:47:44): side dodging a simple question about where you work. you obviously have a hidden agenda markiseiden (21:48:08): i'm a consultant, i work for several places n3td3v (21:48:19): I asked about Yahoo n3td3v (21:48:31): Security advisor for Yahoo? markiseiden (21:48:52): i consult on such things, yeah. n3td3v (21:49:04): So you thought you should become my buddy markiseiden (21:49:38): no, i don't want to be your buddy. i just want to send you a bloody t shirt, because you seem to be an entertaining irritant, but even that is impossible. markiseiden (21:49:50): actually, it's a clean and new t shirt. n3td3v (21:49:54): If you/Yahoo really want my home address. You have my ISP on your server logs. Contact them with a police reference number, and I'm sure my ISp will release such info markiseiden (21:50:03): too much trouble. markiseiden (21:50:18): we don't really want your home address. n3td3v (21:50:25): No, you mean. I haven't done anything n3td3v (21:50:41): I don't hack Yahoo n3td3v (21:51:42): irritant? n3td3v (21:52:01): What have I done thats annonyed you so much n3td3v (21:52:15): I just help Yahoo when I hear of someone with an exploit n3td3v (21:52:20): and report it n3td3v (21:52:23): thats all markiseiden (21:52:28): in the sense that a grain of sand irritates the oyster into making a pearl. markiseiden (21:53:15): yes, that's my impression also. your reports are appreciated, when they're clear enough to understand. markiseiden (21:53:24): (particularly) n3td3v (21:55:24): I'm sorry n3td3v (21:55:31): I'm a good guy markiseiden (21:55:35): some of us just thought a t shirt would be a nice thing to do. apparently not. sorry for the intrusion. n3td3v (21:55:41): I don't mean to annoy anyone from Yahoo n3td3v (21:57:42): I just wish you would be friendly.. instead of this hostile approach since your first IM markiseiden (21:58:06): look, we've all been doing this for a very long time. i've worked on the defenses of dozens of people accused of computer crime, and a few prosecutions, too. n3td3v (21:58:26): I'm not a criminal markiseiden (21:58:28): it's impossible to be friendly with you, since you're so suspicious. it must be a hidden agenda. n3td3v (21:58:52): I don't have a criminal record n3td3v (21:59:10): I've never hacked anything online ever markiseiden (21:59:14): what i was trying to convey, is that i understand why people hack, having done it myself since the 60s. n3td3v (21:59:27): I don't hack markiseiden (21:59:53): okay, okay. but i do, in the noncriminal sense of the word. n3td3v (22:00:09): I don't in any sense of the word n3td3v (22:00:34): I see people talking about exploits and I report it n3td3v (22:00:38): Thats it n3td3v (22:02:04): Like I say on my website. I study hacker trends and techniques n3td3v (22:02:11): also, I read news articles n3td3v (22:02:14): Thats it n3td3v (22:02:36): I ethically probably know how to hack, but i've never done it markiseiden (22:03:04): well, thanks. n3td3v (22:03:33): You don't need to be a terrorist or online criminal to not want to give out your location/home address n3td3v (22:03:39): over the net n3td3v (22:03:46): Its a pretty average thing markiseiden (22:04:21): look at what i referred you to and get back to me if you change your mind. if you google me you'll see my email address has been the same as my surname since 1989. n3td3v (22:04:37): Not online don't I know you, but Yahoo Messenger net isn't exactly immune from packet siffing bots n3td3v (22:04:45): not only* n3td3v (22:04:55): sniffing n3td3v (22:05:31): Be serious. The t-shirt is just a tactic to get some info about me markiseiden (22:05:39): not at all. n3td3v (22:05:56): I wasn't born yesterday. I was born 24 years ago markiseiden (22:06:25): too young to be so paranoid. markiseiden (22:07:43): if anyone really wanted to find you, they would offer you something of enough value that you would bite at it. n3td3v (22:07:52): No. n3td3v (22:07:58): I wouldn't bite period n3td3v (22:09:49): What do Yahoo have me labelled as to merit this n3td3v (22:10:14): A random employee contacts me out of the blue trying to know where I live markiseiden (22:10:25): i am not an employee. markiseiden (22:10:33): i don't care where you live. n3td3v (22:10:42): You said you worked for Yahoo markiseiden (22:10:45): i just want to send you a t shirt as a token. markiseiden (22:10:51): i am a consultant, not an employee. n3td3v (22:11:01): a token for what? being an irritant? n3td3v (22:11:25): Usually friends send gifts. Yet you don't even want to be my friend markiseiden (22:11:27): what you do has value and is appreciated. n3td3v (22:11:37): What do I do? markiseiden (22:11:44): reporting bugs and other problems. markiseiden (22:12:21): but if you can't find a way of accepting a token gift, so be it. markiseiden (22:12:29): i can't say anything more on this subject. n3td3v (22:13:52): Your social skills aren't that great are they n3td3v (22:14:29): I already speak to an employee of Yahoo on IM. He is alot more friendly, and not as rude markiseiden (22:14:31): nobody has accused me of having social skills. but you can look up that i have friends in orkut, friendster, linked in, or the like. markiseiden (22:14:56): i'm not trying to be rude. n3td3v (22:15:19): You've accused me of hacking Yahoo n3td3v (22:15:34): You work for Yahoo security team and want my home address markiseiden (22:15:47): i have not accused you of anything. n3td3v (22:15:48): Those are the facts I know about you so far n3td3v (22:16:04): This is a surreal IM markiseiden (22:16:14): and i don't want your home address. n3td3v (22:16:26): You did until you realised I wasn't falling for it markiseiden (22:16:40): any postal address whatsoever is what i asked for. markiseiden (22:17:05): that will result in your receiving a physical object. n3td3v (22:17:06): I can't do that. I would still be trackable to any malicious stalker markiseiden (22:17:21): why cannot be sent over the net, given current technology. markiseiden (22:17:35): right, a malicious stalker will go after your auntie jane. n3td3v (22:17:43): POBOX's don't offer anonymity. Its the same as using an open proxy. markiseiden (22:18:43): sorry, i have other things to do today, like geeking chickens and talking with my kid about her college plans. n3td3v (22:19:09): Thats why you shouldn't mix your work with your home life markiseiden (22:19:36): to quote yoda, "when you my age are, then you can give me advice" n3td3v (22:19:57): Don't be smart. Age has nothing to do with it n3td3v (22:20:24): A 13 year old could have more skills than a 30 year old n3td3v (22:20:31): With regards to hacking n3td3v (22:20:50): Same for parental issues markiseiden (22:21:11): but with regards to how to conduct one's life, people are entitled to make their own choices. markiseiden (22:21:17): so i've got to go. n3td3v (22:21:21): Thats true markiseiden's status is now "out running errands" (03/04/05 22:21) n3td3v (22:21:49): Come back when you don't bring yourself across as a grade A weirdo markiseiden (22:21:50): out running errands markiseiden (22:22:13): sorry, as a weirdo i'm a lifer. ask my friends. n3td3v (22:22:35): I'll show this IM to some people I know, and let them decide. markiseiden (22:23:47): as you like. i hope no trouble will come of it. n3td3v (22:24:05): You might lose your job actually. n3td3v (22:24:19): You never know markiseiden (22:24:20): hah, very funny. n3td3v (22:24:52): Yeah.. I don't have much infulence at Yahoo Inc do I n3td3v (22:25:02): I'm just seen as some kid n3td3v (22:25:06): Thats cool n3td3v (22:28:13): I would love to be able to help you improve security at Yahoo, but you just want my home address. markiseiden (22:28:32): look, before i go, tell me the size of the shirt (unless it's medium) markiseiden (22:28:47): cuz last time we ran out of small and xxl n3td3v (22:29:35): geocities.com/n3td3v/profile.html n3td3v (22:29:55): Thats the only personal info i give out markiseiden (22:30:00): (or not) markiseiden (22:30:24): i have never spent an hour and ten minutes trying to get someone a t shirt before. you hit my limit. n3td3v (22:30:38): I don't want a t-shirt n3td3v (22:30:43): no offence markiseiden (22:30:51): no offense intended. markiseiden (22:31:04): (or taken, i mean) markiseiden (22:31:19): bye. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Social engineering alert on Yahoo IM n3td3v (Apr 15)
- Re: Social engineering alert on Yahoo IM Bipin Gautam (Apr 15)
- Re: Social engineering alert on Yahoo IM KF (lists) (Apr 15)
- Message not available
- Fwd: Social engineering alert on Yahoo IM Colin (Apr 19)
- Re: Social engineering alert on Yahoo IM n3td3v (Apr 21)
- Message not available