Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: This sums up Yahoo!s security policy to a -T-
From: Bart.Lansing () kohls com
Date: Fri, 24 Dec 2004 09:56:55 -0600


n3td3v wrote on 12/23/2004 05:35:58 AM:

On Wed, 22 Dec 2004 17:59:25 -0800, morning_wood 
<se_cur_ity () hotmail com> wrote:

What's in that mailbox is/was mine, none of your business unless I 
chose
to share it.

i couldnt agree more... another case of lame, illogical media bullshit
BRAVO YAHOO

happy hollidays,

m.w
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



A few pointers here to remember:
- They reckon he was saving drafts of e-mails to send when he had net
access. Not all of these drafts were sent before he was obviously
murdered.

And you have proof of this...how?

- He was only using the e-mail account to communicate between friends
or family. It isn't like he has secret e-mails he wouldn't want his
family to read, example: some love affair etc with some random chick.

See above question...how do you...how does anyone...have even the vaguest 
idea what this young man had in his email records.  It's none of our 
business.


- Other e-mail providers like AOL have already given families access
to accounts of the e-mail used to send messages from battle.
- Sure, corporation need tight privacy policies, although if a
corporation like Yahoo! are going to be this tight, then surely there
should be an "appeal" system setup in special high profile cases, like
this one. This would be the best way to go, than putting families of
war dead, through extra pain when dealing with a loss of life.

And are you quite certain (note that I don't think it's germaine whether 
it would help or hurt, they have no right to his mail...I'm just asking) 
that if the family should suddenly get access to this email only to find 
out that he was (remember that this is PURELY hypothetical and in no way 
implying that the young man was any, at all, of the following..I'm sure he 
was an upstanding young man doing his duty as he saw it): gay...or in love 
with his cousin...or in love with his sister...or having an affair with 
the next door neighbor's great dane...or using Yahoo! to set up a huge 
coke deal for when he got home...or planning on smuggling poppy-powder 
back with him...or...hell anything that his familiy would find shocking, 
hateful, distaseful, immoral, etc... that it is somehow going to make them 
feel better??


- I personally think Yahoo! could easily allow them access in private,
turning a blind eye in this special circumstance. 

And you of course think that Yahoo! should make plans for going out of 
business as well?  Turning a blind eye once is announcing to the world: 
"Hey, if we feel like it, we'll violate your privacy, and your records can 
be made public at our whim!"

Which as I mentioned
above, an appeal process would give room for, obviously.
- This account should at least be taken out of the deactivation
process and deletion, until all legal angles have been ventured.

No it should not...see above.  We hold Yahoo! (or those who use it's mail 
facility anyway) as a trusted entity based on their written policies.  If 
they are willing to change them just because the situation has become 
high-profile (the worst possible reason by the way...that simply says that 
media pressure is more important than their policies), then you or I, as 
users of Yahoo! mail have absolutely no reason to believe that our records 
are safe there.

- If all else fails, its not rocket science for some hacker/script
kiddie to do the family a favour and crack the password and/or account
information and e-mail a family member the details.

Thanks, n3td3v

We're just going to have to agree to disagree...but, happy holidays anyway 
:)

Bart

 _______________________________________________
 Full-Disclosure - We believe in it.
 Charter: http://lists.netsys.com/full-disclosure-charter.html


CONFIDENTIALITY NOTICE: 
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of the contents of this message is 
expressly prohibited.
If you have received this transmission in error, please destroy it and notify us immediately at 262-703-7000.

CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the right to retrieve and read any message 
created, sent and received.  Kohl's reserves the right to monitor messages by authorized Kohl's Associates at any time
without any further consent.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]