Full Disclosure mailing list archives
Re: Yahoo security and privacy
From: n3td3v <xploitable () gmail com>
Date: Fri, 7 Jan 2005 15:42:04 +0000
On Tue, 04 Jan 2005 14:18:49 +0200, Alex V. Lukyanenko <y_avenger_y () ua fm> wrote:
Quoting n3td3v,Because we all know Yahoo! has no account security, so kids aged 15 can hack an account. Yahoo! is like hacking for beginners. Its easy to do, and therefore a great network to learn skills.. bravo Yahoo!, you have a use after all.Hm, hm. Yahoo's rudimentary security 'features' such as account lockout policy (12 hours after several failed login attempts) is most often used as a DoS against that account owner. Plus numerous "booters" exploiting holes (read: buffer overflows) in ypager.exe, and you have a perfect way to kick someone out from chat and not let him/her/it return. They (at Yahoo) try to make it harder to write your own chat client/bot/messanger by slightly changing their CRAM (and still, it was reversed, nevermind that it nowadays consist of several MD5-like routines and is heavily obfuscated against casual reverse-engineers :P) Couldn't hold myself, this is FD after all :) -- Alex V. Lukyanenko | 86195208@icq | y_avenger_y () ua fm ---- http://cards.alkar.net/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Thats the least of it. Yahoo! Messenger has no privacy. You can detect people who are invisible easily. A friend has developed a good open source project at buddy-spy.com You might want to check that out. Yahoo! Messenger team are scrambling to build a brand new robust and secure protocol for 2005, to particularly stop kids and vulnerable females from getting unwanted attention through the fundamental privacy flaws in the protocol my friend has been able to use to develop buddy-spy. If you're worried about your kids saftey on Yahoo! messenger, don't use it. At least until privacy flaws have been fixed. I could continue the list of Yahoo! glitches and flaws, but i'll leave it at the lack of privacy on Yahoo! Messenger for now. n3td3v, the greatest! Yahoo sec admins are no use. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [SHORT ESSAY] Yahoo security "policy", booters, 12-hour account DoS and other stuff Alex V. Lukyanenko (Jan 06)
- Re: Yahoo security and privacy n3td3v (Jan 07)