"Shaun O'Callaghan" <[EMAIL PROTECTED]> writes:
> This is performed to the many Yahoo! servers by a
> plain get request on the standard ports than YIM
> uses. As far as I am aware, this is affecting all
> clients on all operating systems. YIM passwords also
> are used for mail, calenders, bill paying, auction
> bidding (which hold CC numbers) well as other
> information including addresses on various users. I
> feel this is a very dangerous exploit and comes not
> long after I discovered the remote character buffer
> overflow vulnerability in a previous version, hope it
> was of some help.
The third statement of this paragraph is untrue -- Almost every transaction
at Yahoo! involving money uses the Yahoo! wallet system, which uses a
separate password from the one used by YIM and the other "standard"
(non-financial) services.
http://wallet.yahoo.com
--Michael
Michael S. Fischer <[EMAIL PROTECTED]> AKA Otterley
Lead Hacketeer, Dynamine Consulting, Silicon Valley, CA
Phone: +1 650 533 4684 | AIM: IsThisOtterley | ICQ: 4218323
"From the bricks of shame is built the hope"--Alan Wilder
