On Wed, 7 Jul 2004 19:54:59 +1000, Geoffrey Huntley <[EMAIL PROTECTED]> wrote: > OMG MY E-PENIS > YOUR E-PENIS. > > Jesus christ.
Yahoo! spend very little time preventing security blunders from happening. They would rather wait until the problem comes to them than preventing the whole thing from ever happening. Take Yahoo! Messenger for instance. They build the client over 6 months and rush the coding. Yahoo! care more about deadlines for projects, than checking protocol's for potential vulnerabilities before release. The end result? People get disconnected from Yahoo! Chat/Messenger or have cookies stolen (because the system is handing them out, because of obvious and petty flaws on protocol) and in the end, the consumer loses the account to script kiddies. Why sweep up from the aftermath of a major security incident due to messy coding, when you can take an extra month on a project to review potential vulnerabilities, saving everyone alot of time and energy and money in the long run. If every vulnerability that Yahoo! has had and still has was disclosed on Full-Disclosure, they'd look just as bad as Microsoft do at the moment. Geoffery loves my e-penis. Cheerio _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
