Full Disclosure mailing list archives

Re: Yahoo!
From: System Outage <system.outage () gmail com>
Date: Wed, 7 Jul 2004 13:15:49 +0100

On Wed, 7 Jul 2004 19:54:59 +1000, Geoffrey Huntley <ghuntley () gmail com> wrote:

Jesus Christ.

Yahoo! spend very little time preventing security blunders from
happening. They would rather wait until the problem comes to them than
prevent the whole thing from ever happening. Take Yahoo! Messenger
for instance. They build the client over 6 months and rush the coding.
Yahoo! care more about deadlines for projects than checking
protocols for potential vulnerabilities before release.

The end result? People get disconnected from Yahoo! Chat/Messenger or
have cookies stolen (because the system is handing them out, because
of obvious and petty flaws on protocol) and in the end, the consumer
loses the account to script kiddies.

Why sweep up from the aftermath of a major security incident due to
messy coding, when you can take an extra month on a project to review
potential vulnerabilities, saving everyone a lot of time and energy and
money in the long run?

If every vulnerability that Yahoo! has had and still has was disclosed
on Full-Disclosure, they'd look just as bad as Microsoft do at the

Geoffrey loves my e-penis.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
