Re: Continued threat continues

["Mike M" <mkmaxx () gmail com>]

> From: n3td3v <xploitable () gmail com>
> Date: Oct 25, 2005 3:59 PM
> Subject: Continued threat continues
> To: full-disclosure () lists grok org uk
>
>
> It has been reported via the n3td3v group news wire that the group has
> surpassed its 600th member, adding to speculation that the group,
> hosted on the Google Groups network is only going to grow larger.
>
> The founder n3td3v since 1999 has been responsible for a number of
> vendor-side reported incidents and vulnerabilities on the Google and
> Yahoo network.
>
> We're working with people to making the group as comfortable as possible.
>
> Consumers are obviously being attacked via e-mail and IM right now
> with phishing and pharming hacks. Although theres been alot of
> corporate user hacking going on, its been noted, due to an up raise of
> the Yahoo 360 service.
>
> Corporate users with who are socially networking via Yahoo 360 service
> is definitely a threat to corporate security. We can't see any way out
> of it until Yahoo allows flexibility of privacy level for Yahoo 360,
> with regards to its public social circle list.
>
> Ultimately we've been calling for Yahoo 360 friends list to be
> viewable by "friends only" by default. Allowing for this to be changed
> later, by the consumer and corporate user, after "security warnings",
> which we are also calling for at this time.
>
> Right now, Yahoo 360 is a social networking service, with no option to
> hide your social cirlcles. Many users especially corporate users, are
> unaware of how exposed they've become to malicious hackers since the
> service was launched March.
>
> The Yahoo 360 service is allowing users to transfer whole Yahoo
> Messenger lists and E-mail address book lists, over to the public
> Yahoo 360 service, even if the user is unaware of privacy
> complications this may cause.
>
> Many folks are just unaware to how much information they've been
> giving out. Its the responsibility of Yahoo to make those corporate
> and consumer users on the service aware of what they're doing, before
> they do it, instead of offering to allow users to expose social
> circles on the fly.
>
> Alot of this is allowing for phishing and pharming attacks, as well as
> corporate hacking of employee computers with known and unkwown
> vulnerabilities.
>
> Just don't say mutter the words "Yahoo 360 worm", people might get
> worried.
>
> Why are Yahoo helping the growth of global trends when they don't need
> to, which will also have a side affect on their own users.




OMIGAWD!!! You've surpassed all previously known drama-queeniness

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/