[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Yahoo security give blogger the thumbs up
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Yahoo security give blogger the thumbs up
- From: Mark <markc@xxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 12 Mar 2006 16:21:52 -0500
This isn't confidential Yahoo information. It's not even confidential
ADP information -- any company who uses ADP's probusiness workcenter has
subjected its employees to this ridiculous password complexity
requirement.
On Sun, Mar 12, 2006 at 08:41:18AM -0800, SO SECURITY RESEARCH INSTITUTE wrote:
> Do you, uh, Yahoo?
> It appears no action will be taken against a Yahoo employee who disclosed
> confidential corporate side security information (with screenshots) to his
> weblog. This obviously gives the green light for anyone at Yahoo to do the
> same in the future. Why have a Yahoo policy if its not going to be inforced?
> Regardless of the security value of the blog entry, a clear breach of the
> confidentiality agreement between Yahoo and ADP has been made. Yahoo's
> response was "Jeremy is Jeremy, he can blog about anything he wants." Making
> it sound like if you're a celebrity Yahoo blogger then you can walk all over
> company policy. ADP were unavailable for comment at time of this message
> being submitted to Full-Disclosure mailing list. http://tinyurl.com/plqt3
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/