Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Continued threat continues
From: n3td3v <xploitable () gmail com>
Date: Tue, 25 Oct 2005 16:59:40 +0100

It has been reported via the n3td3v group news wire that the group has
surpassed its 600th member, adding to speculation that the group,
hosted on the Google Groups network is only going to grow larger.

The founder n3td3v since 1999 has been responsible for a number of
vendor-side reported incidents and vulnerabilities on the Google and
Yahoo network.

We're working with people to making the group as comfortable as possible.

Consumers are obviously being attacked via e-mail and IM right now
with phishing and pharming hacks. Although theres been alot of
corporate user hacking going on, its been noted, due to an up raise of
the Yahoo 360 service.

Corporate users with who are socially networking via Yahoo 360 service
is definitely a threat to corporate security. We can't see any way out
of it until Yahoo allows flexibility of privacy level for Yahoo 360,
with regards to its public social circle list.

Ultimately we've been calling for Yahoo 360 friends list to be
viewable by "friends only" by default. Allowing for this to be changed
later, by the consumer and corporate user, after "security warnings",
which we are also calling for at this time.

Right now, Yahoo 360 is a social networking service, with no option to
hide your social cirlcles. Many users especially corporate users, are
unaware of how exposed they've become to malicious hackers since the
service was launched March.

The Yahoo 360 service is allowing users to transfer whole Yahoo
Messenger lists and E-mail address book lists, over to the public
Yahoo 360 service, even if the user is unaware of privacy
complications this may cause.

Many folks are just unaware to how much information they've been
giving out. Its the responsibility of Yahoo to make those corporate
and consumer users on the service aware of what they're doing, before
they do it, instead of offering to allow users to expose social
circles on the fly.

Alot of this is allowing for phishing and pharming attacks, as well as
corporate hacking of employee computers with known and unkwown
vulnerabilities.

Just don't say mutter the words "Yahoo 360 worm", people might get worried.

Why are Yahoo helping the growth of global trends when they don't need
to, which will also have a side affect on their own users.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Continued threat continues n3td3v (Oct 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]