On Tue, 04 Jan 2005 14:18:49 +0200, Alex V. Lukyanenko <[EMAIL PROTECTED]> wrote: > > Quoting n3td3v, > > Because we all know Yahoo! has no account security, so kids aged 15 > > can hack an account. Yahoo! is like hacking for beginners. Its easy to > > do, and therefore a great network to learn skills.. bravo Yahoo!, you > > have a use after all. > Hm, hm. Yahoo's rudimentary security 'features' such as account > lockout policy (12 hours after several failed login attempts) is most > often used as a DoS against that account owner. > Plus numerous "booters" exploiting holes (read: buffer overflows) in > ypager.exe, and you have a perfect way to kick someone out from chat > and not let him/her/it return. > They (at Yahoo) try to make it harder to write your own chat > client/bot/messanger by slightly changing their CRAM (and still, it > was reversed, nevermind that it nowadays consist of several MD5-like > routines and is heavily obfuscated against casual reverse-engineers > :P) > > Couldn't hold myself, this is FD after all :) > > -- > Alex V. Lukyanenko | [EMAIL PROTECTED] | [EMAIL PROTECTED] > ---- > http://cards.alkar.net/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Thats the least of it. Yahoo! Messenger has no privacy. You can detect people who are invisible easily. A friend has developed a good open source project at buddy-spy.com You might want to check that out. Yahoo! Messenger team are scrambling to build a brand new robust and secure protocol for 2005, to particularly stop kids and vulnerable females from getting unwanted attention through the fundamental privacy flaws in the protocol my friend has been able to use to develop buddy-spy. If you're worried about your kids saftey on Yahoo! messenger, don't use it. At least until privacy flaws have been fixed. I could continue the list of Yahoo! glitches and flaws, but i'll leave it at the lack of privacy on Yahoo! Messenger for now. n3td3v, the greatest! Yahoo sec admins are no use. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
