New format for Yahoo Mail hacking

[UrDaddy]

Originally posted here by AciDriveHB
Actually I think I will email the guy and see if I get a responce, just so we can make something of it (possibly)
~AciD

Yes, I agree. I think it will be interesting playing around with that theory.

I can't wait to see haquer's definition of 'e-mail hacking'. LMAO

[jared_c]

Edit: Revised this post to be a little more friendly. Sometimes I get steamed and use some pretty foul language. :-)

I find it disturbing that this guy got neg-ed to death for this post. This guy simply stated he was aware of a Yahoo vulnerability and was willing to share info if interested. He did not say something stupid like "I can teach you how to hack into Yahoo e-mail!". Some of you claim to have neg-ed him because you think he is lying. Well, since he got neg-ed to the point of being banning, I guess we'll never know.

I always consider security bugs in Yahoo (and other similar services) pretty serious. Considering that the service is so widely used, I think that anyone interested in computer security should find this issue interesting if nothing else. But instead of thinking that maybe there are people out there that consider this important, you neg the guy until he is banned. And let's face it. The only reason why is because he mentioned Yahoo instead of something else you people are interested in.

I guarantee that if the word "Yahoo" was replaced with "Slackware", he would have NEVER got neg-ed. Probably would have been given positive points for bringing it to the attention of everyone. Half the people here would want to know about it so they can patch their systems. But since it was Yahoo, he got neg-ed to death. That's pretty pathetic. Just because you don't use Yahoo, many others still do. There are people that use simple applications instead of dedicating their life to learning complex ones. There is nothing wrong with that. In fact if it wasn't for those people, many of you wouldn't have anything to brag about or to act all high and mighty about. Yet, you neg the guy until he is banned. For making a post that is in fact on topic. Yea, that's right, a security issue in Yahoo is still a computer security topic.

Maybe it should be specified up top of this site: "Computer Security WE FEEL is important". God forbid someone posts a security issue about an application you don't use.

[Tiger Shark]

Jared: You make a good point..... You probably didn't need to lob the insults around though. If Haquer had possession of a new exploit don't you think we'd also have heard about it though. This is the guy who also says he has an FTP site with longhorn on it.

In other circumstances your indignation would be appropriate, (when we know there is an exploit out there but the code is yet to be made public and someone comes on and says thay have it), but I do think that in this case you went a little off the deep end for someone who probably deserves the negs anyway.......

Just my 2c.....

[AciDriveHB]

I think it was exactly how he presented himself. He was saying he got an offline IM and that if anyone wanted to let him know. When exactly has anyone gotten any information from an offline message that was creditable when dealing with security? Especailly when it was that product? He gave us no information at all in who sent it, what it was about? I don't understand why he didn't post the message here in the tread?

Plus have you looked at this s thread?

Hello all. I just wanted to let you guys know that I have Windows Longhorn v.4015 on an ftp server. I am willing to deal and\or trade with some one for this operating system. I also have Windows 2003 Server. If anyone is interested, please either post here or email ssgtkole@go.air-force.com.

Doesn't exactly sound like he was all up to par with our theme of not hacking and Warez and such.

Just a thought...
~AciD

[edit] that's what I get for forgetting to hit the submit button [/edit]

[draziw]

I would also echo Jared's comments, though agree that Haquer should have presented his case/ideas a bit better were he wanting to be listened to, etc. Simply neg'ing people in to oblivion for mentioning hacks to Yahoo, Hotmail, AOL/AIM, Microsoft, or any of our other "favorite pieces of bugware" or such is, well... I don't exactly agree with it.

At the same time, I don't necessarily believe that "we'd simply know about it if it existed already" -- could be a Day 0 bug or something that's still in a pre-announcement phase that no one's mentioned... or still just a work-in-progress (though again, given the way the case was presented, more likely just a k00l d00d trying to get a response).

Guess I'll throw my own $0.02... FWIW... *shrug*


[edit]
And, yeah... just as AciDriveHB said, as our messages crossed in-flight... doesn't sound like this guy was "quite up to presenting his case" -- doesn't mean he didn't somehow have a line on something, but, well... *shrug*

But, if all spam were to be believed, I'd be filthy rich and my penis would be a few miles long by now, I think...
[/edit]

[AciDriveHB]

LOL you guys are making good points about not negging him. But the whole fact of the AP system to start with is the fact that we give them out when we don't like something. Haquer should have read the FAQ's of the site and actually "lurked" around and saw how we worked. Then maybe he would have been more informative about his information.

I think most of us go on gut feeling about newbies like this. And I would have to say 90% we are right about their intentions. Though we have a ton of newbies coming through here and such and don't get on their case unless we have reason. Personally I think we have a reason to be wonder what exactly Haquer was trying to get at.

I did send him an email, I also visited his website and sent him another email about it. So we will see if I get any responce.

~AciD

[Fred Brown]

Yea, I use Yahoo, my son uses Yahoo, and my daughter uses Yahoo. I would have liked to know what he had to say. Well, maybe someone else will have that info. I hate to think we missed a chance to fix the problem. We could have been heros instead of Pac Men. On the other hand it could have be a trap. We have to wait and see, maybe.

Freddy

[moxnix]

Fred Brown said:

. We could have been heros instead of Pac Men

OK:

[kr4y3]

I doubt this is what the guy was talking about but i ran across an exploit at packstorm that allows a user to

Exploit for Yahoo Messenger, Yahoo Module that allows for remote command execution on a victim machine via bad URI handling. Requires the victim to view the html. Homepage: http://www.dtors.net/. By bob

like i said i doubt this is what the guys was talking about but here it is anyway.

[tammy_hope]

Im so fed up with all this bull about email accounts getting "hacked" get over it.
If u do not like it then DONT use Email. hell Dont use the inter net, there is allways going to be some idiot out there thinking that he/she is all that just cos thay "hacked" an account.
Get over it, keep ur security high and change pass words regurlly tho simontainusly and dont do what the bank telles you "we recomend using to diffrent passwords and altering between the to". that is just idiousy. use a dif password every time and please nothing ovious.
thay are going to do it one way or enouther. so make it HARD for them in hopes thay will fail or give up.

If u dont like it then dont do it.


Nightfalls_Girl