mailing list archives
From: System Outage <system.outage () gmail com>
Date: Wed, 7 Jul 2004 13:15:49 +0100
On Wed, 7 Jul 2004 19:54:59 +1000, Geoffrey Huntley <ghuntley () gmail com> wrote:
OMG MY E-PENIS > YOUR E-PENIS.
Yahoo! spend very little time preventing security blunders from
happening. They would rather wait until the problem comes to them than
preventing the whole thing from ever happening. Take Yahoo! Messenger
for instance. They build the client over 6 months and rush the coding.
Yahoo! care more about deadlines for projects, than checking
protocol's for potential vulnerabilities before release.
The end result? People get disconnected from Yahoo! Chat/Messenger or
have cookies stolen (because the system is handing them out, because
of obvious and petty flaws on protocol) and in the end, the consumer
loses the account to script kiddies.
Why sweep up from the aftermath of a major security incident due to
messy coding, when you can take an extra month on a project to review
potential vulnerabilities, saving everyone alot of time and energy and
money in the long run.
If every vulnerability that Yahoo! has had and still has was disclosed
on Full-Disclosure, they'd look just as bad as Microsoft do at the
Geoffery loves my e-penis.
Full-Disclosure - We believe in it.
Re: Gmail Information Disclosure Vulnerability amforward (Jul 05)
Re: Gmail Information Disclosure Vulnerability Geoff Shively (Jul 05)