[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] [SHORT ESSAY] Yahoo security "policy", booters, 12-hour account DoS and other stuff

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] [SHORT ESSAY] Yahoo security "policy", booters, 12-hour account DoS and other stuff
From: "Alex V. Lukyanenko" <y_avenger_y@xxxxx>
Date: Tue, 04 Jan 2005 14:18:49 +0200

Quoting n3td3v,

Because we all know Yahoo! has no account security, so kids aged 15
can hack an account. Yahoo! is like hacking for beginners. Its easy to
do, and therefore a great network to learn skills.. bravo Yahoo!, you
have a use after all.

Hm, hm. Yahoo's rudimentary security 'features' such as account
lockout policy (12 hours after several failed login attempts) is most
often used as a DoS against that account owner.
Plus numerous "booters" exploiting holes (read: buffer overflows) in
ypager.exe, and you have a perfect way to kick someone out from chat
and not let him/her/it return.
They (at Yahoo) try to make it harder to write your own chat
client/bot/messanger by slightly changing their CRAM (and still, it
was reversed, nevermind that it nowadays consist of several MD5-like
routines and is heavily obfuscated against casual reverse-engineers
:P)

Couldn't hold myself, this is FD after all :)

--
Alex V. Lukyanenko | 86195208@icq | y_avenger_y@xxxxx
----
http://cards.alkar.net/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Yahoo security and privacy
  - From: n3td3v

Prev by Date: [Full-Disclosure] WinHKI - CAB File Directory Transversal
Next by Date: [Full-Disclosure] Microsoft AntiSpyware - First Impressions
Previous by thread: [Full-Disclosure] WinHKI - CAB File Directory Transversal
Next by thread: Re: [Full-Disclosure] Yahoo security and privacy
Index(es):
- Date
- Thread