Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Yahoo! Instant Messenger
From: "Michael S. Fischer" <michael () DYNAMINE NET>
Date: Mon, 15 Jan 2001 09:26:39 -0800

"Shaun O'Callaghan" <the_duke247 () YAHOO COM> writes:

This is performed to the many Yahoo! servers by a
plain get request on the standard ports than YIM
uses.  As far as I am aware, this is affecting all
clients on all operating systems.  YIM passwords also
are used for mail, calenders, bill paying, auction
bidding (which hold CC numbers) well as other
information including addresses on various users.  I
feel this is a very dangerous exploit and comes not
long after I discovered the remote character buffer
overflow vulnerability in a previous version, hope it
was of some help.

The third statement of this paragraph is untrue -- Almost every transaction
at Yahoo! involving money uses the Yahoo! wallet system, which uses a
separate password from the one used by YIM and the other "standard"
(non-financial) services.

http://wallet.yahoo.com

--Michael

Michael S. Fischer <michael () dynamine net>      AKA Otterley
Lead Hacketeer, Dynamine Consulting, Silicon Valley, CA
Phone: +1 650 533 4684 | AIM: IsThisOtterley | ICQ: 4218323
"From the bricks of shame is built the hope"--Alan Wilder


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]