[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] What makes Yahoo! a good merger candidate?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] What makes Yahoo! a good merger candidate?
From: Ferdinand Klinzer <Klinzer@xxxxxx>
Date: Wed, 6 Feb 2008 13:22:17 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think the adress is

security@xxxxxxxxx

Cheers

Ferdinand from Germany

Am 06.02.2008 um 11:58 schrieb Vincent van Scherpenseel:

> Their abuse policy of course!
>
> Last week a client's server was being attacked (some old Tomcat5 vuln)
> and used to attack other servers (ssh login guessing). The results of
> these dictionary attack were being mailed to the address
> 'blax2004us@xxxxxxxxx':
> cat vuln.txt |mail -s "Lame Gang Us Roots" blax2004us@xxxxxxxxx
>
> After I addressed the vulnerability I decided to contact yahoo.com  
> about
> this issue. Of course the only way to do this was by browsing the
> Yahoo.com site for any abuse/security contacts. After a while I  
> found a
> form I could use to notify them of abuse of their services. So I wrote
> them a quick explanation about what was going on including the e-mail
> address of the account used to harvest passwords.
>
> After a couple of hours I received an e-mail from 'Marcus' a Yahoo!
> Customer Care representative (44592956) asking me to provide a the  
> full
> subject and other headers from the spam I had received.
>
> After writing back kindly that I had no spam complaint but wanted to
> report the mal-use of an account of theirs I received another reply a
> little while later asking me to provide my *personal* information  
> about
> my account and what errors I got when I tried to login. Well, I don't
> even *have* an Yahoo! account.
>
> So, what do you do when you want to report something like this? In  
> fact
> I'm doing them a favor by reporting but all I got is this lousy
> response. I'll have to think twice about reporting something like this
> next time...
>
> Does anyone know an Yahoo! security contact that actually does his  
> job?
>
> Kind Regards,
> Vincent van Scherpenseel
>
> -- 
> ServerFloor.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFHqaZ5ivpgT1glX4cRAoiGAKCmtLIJk0zsxBr7+DxUknYpHdm34ACcCxPx
FJpUA2qj8Bv9q7ehmt8dk60=
=e2B1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] What makes Yahoo! a good merger candidate?
  - From: Vincent van Scherpenseel

Prev by Date: Re: [Full-disclosure] JaPCrypt
Next by Date: Re: [Full-disclosure] Acroread 8.1.2: why?
Previous by thread: [Full-disclosure] What makes Yahoo! a good merger candidate?
Next by thread: Re: [Full-disclosure] What makes Yahoo! a good merger candidate?
Index(es):
- Date
- Thread