Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Fwd: Continued threat continues

from [n3td3v] Network Security [Permanent Link]
Subject: [Full-disclosure] Fwd: Continued threat continues
Date: Fri, 28 Jul 2006 23:02:34 +0000 
---------- Forwarded message ----------
From: n3td3v <xploitable@gmail.com>
Date: Oct 25, 2005 3:59 PM
Subject: Continued threat continues
To: full-disclosure@lists.grok.org.uk


It has been reported via the n3td3v group news wire that the group has
surpassed its 600th member, adding to speculation that the group,
hosted on the Google Groups network is only going to grow larger.

The founder n3td3v since 1999 has been responsible for a number of
vendor-side reported incidents and vulnerabilities on the Google and
Yahoo network.

We're working with people to making the group as comfortable as possible.

Consumers are obviously being attacked via e-mail and IM right now
with phishing and pharming hacks. Although theres been alot of
corporate user hacking going on, its been noted, due to an up raise of
the Yahoo 360 service.

Corporate users with who are socially networking via Yahoo 360 service
is definitely a threat to corporate security. We can't see any way out
of it until Yahoo allows flexibility of privacy level for Yahoo 360,
with regards to its public social circle list.

Ultimately we've been calling for Yahoo 360 friends list to be
viewable by "friends only" by default. Allowing for this to be changed
later, by the consumer and corporate user, after "security warnings",
which we are also calling for at this time.

Right now, Yahoo 360 is a social networking service, with no option to
hide your social cirlcles. Many users especially corporate users, are
unaware of how exposed they've become to malicious hackers since the
service was launched March.

The Yahoo 360 service is allowing users to transfer whole Yahoo
Messenger lists and E-mail address book lists, over to the public
Yahoo 360 service, even if the user is unaware of privacy
complications this may cause.

Many folks are just unaware to how much information they've been
giving out. Its the responsibility of Yahoo to make those corporate
and consumer users on the service aware of what they're doing, before
they do it, instead of offering to allow users to expose social
circles on the fly.

Alot of this is allowing for phishing and pharming attacks, as well as
corporate hacking of employee computers with known and unkwown
vulnerabilities.

Just don't say mutter the words "Yahoo 360 worm", people might get worried.

Why are Yahoo helping the growth of global trends when they don't need
to, which will also have a side affect on their own users.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Fwd: Continued threat continues, n3td3v <=
Previous by Date:  Re: [Full-disclosure] Firefox fun, H D Moore
Next by Date:  [Full-disclosure] SMC Networks Inc security contact anyone?, Berend-Jan Wever
Previous by Thread:  [Full-disclosure] [ MDKSA-2006:134 ] - Updated ruby packages fix safe-level vulnerabilities, security
Next by Thread:  [Full-disclosure] SMC Networks Inc security contact anyone?, Berend-Jan Wever
Indexes:  [Date] [Thread] [Top] [All Lists]