Full Disclosure
mailing list archives
Re: What makes Yahoo! a good merger candidate?
From: Ferdinand Klinzer <Klinzer () gmx de>
Date: Wed, 6 Feb 2008 13:22:17 +0100
I think the address is
security () yahoo com
Cheers
Ferdinand from Germany
On 06.02.2008 at 11:58, Vincent van Scherpenseel wrote:
Their abuse policy of course!
Last week a client's server was being attacked (some old Tomcat5 vuln)
and used to attack other servers (ssh login guessing). The results of
these dictionary attacks were being mailed to the address
'blax2004us () yahoo com':
cat vuln.txt |mail -s "Lame Gang Us Roots" blax2004us () yahoo com
After I addressed the vulnerability I decided to contact yahoo.com about
this issue. Of course the only way to do this was by browsing the
Yahoo.com site for any abuse/security contacts. After a while I found a
form I could use to notify them of abuse of their services. So I wrote
them a quick explanation about what was going on including the e-mail
address of the account used to harvest passwords.
After a couple of hours I received an e-mail from 'Marcus', a Yahoo!
Customer Care representative (44592956), asking me to provide the full
subject and other headers from the spam I had received.
After writing back kindly that I had no spam complaint but wanted to
report the mal-use of an account of theirs I received another reply a
little while later asking me to provide my *personal* information about
my account and what errors I got when I tried to log in. Well, I don't
even *have* a Yahoo! account.
So, what do you do when you want to report something like this? In fact
I'm doing them a favor by reporting but all I got is this lousy
response. I'll have to think twice about reporting something like this
next time...
Does anyone know a Yahoo! security contact that actually does his job?
Kind Regards,
Vincent van Scherpenseel
--
ServerFloor.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/