Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: n3td3v outsmarts Google
From: n3td3v <n3td3v () gmail com>
Date: Thu, 27 Apr 2006 02:28:06 +0100

On 4/26/06, Krpata, Tyler <tkrpata () bjs com> wrote:
Well gee, aren't you going to post an Official Netdev Critical Emergency
Security Advisory about this one or what?

Not this one, since its not security related.

However, I have a passion for hacking web applications, and corporate
backyard software.

I do plan on releasing (more) multiple Google vulnerabilities soon, to
keep in line with my past reputation.

Yahoo as well will get a look-in as soon as they stop distracting me
from hacking them by sending random threats to deactivate my Yahoo

The random e-mail they sent today neither states 1) The name of the
Yahoo account in question, 2) nor does it state the alledged violation
in question.

If you (Yahoo) want to deactivate an account you claim belongs to me,
just do it! Yahoo accounts are free, I can create a new one. However,
I don't appreciate worthless and non-informative e-mail, which not
only wastes my time, but wastes valuable Yahoo resources, as the
information they wanted to get across is void, since they don't
specify the account name or the alledged violation.

I know its a real Yahoo! e-mail from just looking at

This header: Received: (from yahoo () localhost)

This header above used to say the corporate ID of the employee sending
the e-mail, and because of that I was able to get every name of the
folks working at Yahoo security team, their e-mail, and everything
else to do with them, because Yahoo corporate ID's relate to
everything they do. From corporate e-mail, the name of their corporate
computer hostname and everything else to do with a particular
employee. I alerted them to it years back and now all Yahoo corporate
mail says yahoo () localhost, than corpidgoeshere () localhost  Although,
Yahoo employee corporate ID's still relate to
corpidgoeshere () yahoo-inc com and corpiddoeshere.corp.yahoo.com and
corpidgoeshere for guesthouse.corp.yahoo.com and other corporate login
sites on Yahoo's corporate infrastructure.



See below:
Delivered-To: n3td3v () gmail com
Received: by with SMTP id i8cs35897pyl;
        Wed, 26 Apr 2006 03:26:34 -0700 (PDT)
Received: by with SMTP id z17mr1090253pyi;
        Wed, 26 Apr 2006 03:26:34 -0700 (PDT)
Return-Path: <yahoo () yahoo-inc com>
Received: from relay1.sdv.yahoo.com (relay1.sdv.yahoo.com [])
        by mx.gmail.com with ESMTP id d13si387272pyd.2006.;
        Wed, 26 Apr 2006 03:26:34 -0700 (PDT)
Received-SPF: neutral (gmail.com: is neither permitted
nor denied by best guess record for domain of yahoo () yahoo-inc com)
Received: from admin1.wlt.sdv.yahoo.com (admin1.wlt.sdv.yahoo.com
        by relay1.sdv.yahoo.com (Postfix) with ESMTP id 5E13A169F8A
        for <n3td3v () gmail com>; Wed, 26 Apr 2006 03:26:33 -0700 (PDT)
Received: (from yahoo () localhost)
        by admin1.wlt.sdv.yahoo.com (8.12.3/8.12.3) id k3QAQXd6023685;
        Wed, 26 Apr 2006 03:26:33 -0700 (PDT)
        (envelope-from yahoo)
Date: Wed, 26 Apr 2006 03:26:33 -0700 (PDT)
Message-Id: <200604261026.k3QAQXd6023685 () admin1 wlt sdv yahoo com>
From: Yahoo! <yahoo-dev-null () yahoo-inc com>
To: n3td3v () gmail com
Subject: Yahoo! Administrative Notice

Dear Yahoo! account holder:

By creating and using your Yahoo! account, you agree to abide by
Yahoo!'s Terms of Service (TOS).  Pursuant to the TOS, Yahoo! reserves
the right to terminate your account or otherwise prohibit use of your
account in the event that, among other things, Yahoo! believes that you
have violated or acted inconsistently with the letter or spirit of the

It has come to our attention that you may have violated the TOS.
Please reread the TOS and cease any use of your account that may
violate the TOS.

If your use of your Yahoo! account is brought to our attention again,
and we believe that such use violates the TOS, then we may terminate
your account without further notice.

Please do not reply to this email.  Any questions concerning Yahoo!'s
Services should be submitted through the on-line form in the help area
( http://help.yahoo.com ).


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]