[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Yahoo recommends you write down account information

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Yahoo recommends you write down account information
From: n3td3v group <system_outage@xxxxxxxxx>
Date: Thu, 16 Mar 2006 06:21:14 -0800 (PST)

I think you people are missing the point entirely. Let me tooth pick it for you 
since you can't work it out yourself.
   
  On http://security.yahoo.com/about_passwords.html Yahoo say, never write down 
your password. If you do, make sure its kept in a nuclear bunker.
   
  However, on sucessfully creating a new account at 
http://edit.yahoo.com/config/register the wording says "Yahoo recommends you 
print out this page" and gives a print out functionality link.
   
  You see, they tell you NEVER to write down your PASSWORD on one site and 
contradict themselves on another by recommending you print out all the 
information you would need to get a new password.
   
  Don't under estimate my intelligence and  Valdis, I can't see how you could 
possibily know the scope in my mind thought of how a print out might be used in 
a real life scenario. The issue of printouts isn't a problem for home users as 
the other poster mentioned, The threat comes more in small business and large 
corporations. However, I wasn't looking into the serious side of how the print 
out would be used to actually compromise an account. I was more having some fun 
with Yahoo Security (and some of those folks I know personally over IM and 
Email), in the way security professionals at security.yahoo.com say one advice, 
but then folks who setup the edit.yahoo.com/config/register are saying another. 
In other words, a break down in co-ordination at Yahoo between the security 
team and the folks who look after config/register. Anyway I spoke with someone 
from security last night and they confirmed it was silly, and it was going to 
be fixed.
   
  See you guys later,
   
  n3td3v (not system_outage :P)
  
Valdis.Kletnieks@xxxxxx wrote:

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Yahoo recommends you write down account information
  - From: Valdis . Kletnieks
- [Full-disclosure] Re: Yahoo recommends you write down accountinformation
  - From: Dave Korn

References:
- Re: [Full-disclosure] Yahoo recommends you write down account information
  - From: Valdis . Kletnieks

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1003-1] New xpvm packages fix insecure temporary file
Next by Date: [Full-disclosure] Re: Re: HTTP AUTH BASIC monowall.
Previous by thread: Re: [Full-disclosure] Yahoo recommends you write down account information
Next by thread: Re: [Full-disclosure] Yahoo recommends you write down account information
Index(es):
- Date
- Thread