Full Disclosure: [SHORT ESSAY] Yahoo security "policy", booters, 12-hour account DoS and other stuff

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

[SHORT ESSAY] Yahoo security "policy", booters, 12-hour account DoS and other stuff

From: "Alex V. Lukyanenko" <y_avenger_y () ua fm>
Date: Tue, 04 Jan 2005 14:18:49 +0200


Quoting n3td3v,

Because we all know Yahoo! has no account security, so kids aged 15
can hack an account. Yahoo! is like hacking for beginners. Its easy to
do, and therefore a great network to learn skills.. bravo Yahoo!, you
have a use after all.

Hm, hm. Yahoo's rudimentary security 'features' such as account
lockout policy (12 hours after several failed login attempts) is most
often used as a DoS against that account owner.
Plus numerous "booters" exploiting holes (read: buffer overflows) in
ypager.exe, and you have a perfect way to kick someone out from chat
and not let him/her/it return.
They (at Yahoo) try to make it harder to write your own chat
client/bot/messanger by slightly changing their CRAM (and still, it
was reversed, nevermind that it nowadays consist of several MD5-like
routines and is heavily obfuscated against casual reverse-engineers
:P)

Couldn't hold myself, this is FD after all :)

--
Alex V. Lukyanenko | 86195208 () icq | y_avenger_y () ua fm
----
http://cards.alkar.net/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

[SHORT ESSAY] Yahoo security "policy", booters, 12-hour account DoS and other stuff Alex V. Lukyanenko (Jan 06)
- Re: Yahoo security and privacy n3td3v (Jan 07)