Full Disclosure mailing list archives
Yahoo Messenger privacy vulnerability in Yahoo 360
From: n3td3v <xploitable () gmail com>
Date: Mon, 27 Jun 2005 00:01:41 +0100
Hello security community, Can someone confirm that the following is true?... Vendor: Yahoo! Inc Description: Just when users of Yahoo Messenger had got a custom to being stealth from friends on Yahoo Messenger and Yahoo Profiles. Yahoo 360 appeared late March 2005, and currently takes your privacy away. Currently Yahoo 360 is not in sync with Yahoo Messenger stealth settings, therefore the user appears online at Yahoo 360. The vulnerability can be exploited and written into a hackers IM software, to have real-time online status, quickly and easily, of any devious users who choose to hide using Yahoo Messenger's stealth settings. Whats more is, if a user selects *Don't display my status on Yahoo sites* via Yahoo Messenger/Yahoo Profiles/Yahoo Members Directory, the true and not false online status is still displayed on Yahoo 360. Work around: Don't use stealth settings and select "Invisible to Everyone" on your status chooser. Credit: n3td3v http://blog.360.yahoo.com/blog-DDhkxBU_KLIDKLXKywM-?p=324 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Yahoo Messenger privacy vulnerability in Yahoo 360 n3td3v (Jun 26)
- Re: Yahoo Messenger privacy vulnerability in Yahoo 360 n3td3v (Jun 26)