[Full-disclosure] Social engineering alert on Yahoo IM
kf_lists at digitalmunition.com
Fri Apr 15 15:23:30 BST 2005
I want a T-Shirt too!
>---------- Forwarded message ----------
>From: n3td3v <xploitable at gmail.com>
>Date: Apr 3, 2005 11:00 PM
>Subject: Social engineering alert on Yahoo IM
>To: Yahoo Security Contact <security at yahoo-inc.com>
>markiseiden (21:18:41): hi
>markiseiden (21:18:42): i seem to be one of your 4 "friends" on y360
>n3td3v (21:19:10): I took everyone off
>markiseiden (21:20:05): i sent you some queries last week about
>sending you a t shirt which you might want, but i need to know a size
>and postal addr
>n3td3v (21:20:29): I don't feel good about giving out my home address
>over the net
>markiseiden (21:20:43): don't you have any postal address which you
>consider safe enough to give out
>n3td3v (21:20:55): Not really
>markiseiden (21:20:55): whereby something will get to you?
>n3td3v (21:21:07): I don't work
>markiseiden (21:21:25): got any friends who work, or are they all slackers?
>n3td3v (21:21:59): I keep my internet life separate from my friends
>markiseiden (21:22:23): wow, i'm impressed. i haven't been able to do
>that for more than 20 years.
>n3td3v (21:22:59): I don't smell of roses though
>markiseiden (21:23:11): do you, in fact live in edinburgh?
>markiseiden (21:23:31): just curious, nice place (last time i was there)
>n3td3v (21:24:16): I don't want to state my *exact* location
>n3td3v (21:24:52): edinburgh is the nearest place people know
>n3td3v (21:25:04): who live out of UK
>n3td3v (21:25:15): so I say edinburgh
>markiseiden (21:25:33): but you live someplace rural rather than urban)
>markiseiden (21:26:16): i was in kyoto a few weeks ago, visiting a
>friend who lives in a house with rice paper walls and outdoor plumbing
>(both bath and toilet) ...
>markiseiden (21:26:29): but he had a fiber connection.
>n3td3v (21:26:35): I've been to kyoto
>n3td3v (21:26:51): Thats in Japan right?
>n3td3v (21:27:00): I backpacked Japan years ago
>markiseiden (21:27:21): yes.
>n3td3v (21:27:43): Random people walk up to you because they don't see
>n3td3v (21:27:50): and shake your hand
>n3td3v (21:27:56): Its surreal
>markiseiden (21:27:59): when backpacking, yes.
>markiseiden (21:29:26): or bicycling, particularly in the country.
>(but in japanese cities, there are western tourists everywhere).
>n3td3v (21:30:00): Yeah that was the case in toyko
>markiseiden (21:31:23): well, if you can think of someone who is
>willing to accept a t shirt and get it to you, get in touch. it will
>come from an anonymous sender in sunnyvale.
>n3td3v (21:31:51): Do you work at Yahoo or something?
>markiseiden (21:32:12): yes
>n3td3v (21:32:59): Why should I surrender my info, if you want to send
>it as anonymous sender. That's not very fair is it. Plus I don't know
>you yet, and how do I know this isn't just a neat trick to get my
>n3td3v (21:33:09): I'm not that gullible
>markiseiden (21:33:11): you could google me for bona fides
>markiseiden (21:33:22): honestly, i don't think anyone is out to get you.
>n3td3v (21:33:28): That proves nothing
>markiseiden (21:33:36): well, nothing proves anything.
>markiseiden (21:33:53): if you don't want a t shirt, fine.
>markiseiden (21:34:01): if you do, also, fine.
>markiseiden (21:34:06): just tell me how to get it to you.
>n3td3v (21:34:16): You can have a great Google query, and still want
>my home address or location for some reason, thats not in my best
>markiseiden (21:34:38): look, if you google me you will see i have a
>reputation for some things, and you could read my postings over the
>last n years.
>n3td3v (21:34:57): Even if I set up a POBOX, someone could still sit
>outside and follow me back to my home or whatever
>markiseiden (21:35:32): yeah, if you're a terrorist or major criminal
>someone might do that.
>n3td3v (21:36:08): Or some insane guy with a grudge who wants to harm you, even
>n3td3v (21:36:21): I have online enemies
>n3td3v (21:36:28): I don't know you yet
>markiseiden (21:36:34): you mistake me for someone who gives a damn.
>n3td3v (21:36:39): I don't know how sincere your intentions are
>markiseiden (21:37:13): well, google me and get back if you get a
>better feeling. i don't know how else to reassure you.
>markiseiden (21:37:22): oh, did you go to ccc in berlin earlier this year?
>markiseiden (21:37:29): over xmas, i mean
>n3td3v (21:37:32): Whats ccc?
>markiseiden (21:37:43): chaos computer club/communication conference
>markiseiden (21:38:00): i guess you only hack yahoo and not in general
>n3td3v (21:38:14): Nah, I live my life on a shoe string. I don't have
>the money to travel around.
>n3td3v (21:38:19): I don't hack Yahoo
>n3td3v (21:39:36): You're being pretty forceful before I even know you
>n3td3v (21:39:58): What team at Yahoo are you at?
>n3td3v (21:40:04): security?
>markiseiden (21:40:13): you can if you have a high speed connection
>see a talk i gave with barry wels at ccc
>n3td3v (21:40:55): Are you at home right now or on a corporate computer?
>n3td3v (21:41:06): See, I can ask weird uncomfortable questions as well
>markiseiden (21:41:07): home
>n3td3v (21:41:20): Whats your home address?
>markiseiden (21:41:24): where would i be on sunday morning
>n3td3v (21:41:42): I want to send you a t-shirt
>markiseiden (21:41:50): i have 2 of them but i have a po box and a work address
>markiseiden (21:42:14): both of which provide a bit of personal separation.
>n3td3v (21:42:21): I'd rather have your home address, unless you're a
>terrorist or online criminal
>markiseiden (21:42:34): i said i don't care what address i send it to.
>markiseiden (21:43:20): do you have a fast enough connection to
>download a big media file? let me see if i can find our online ccc
>n3td3v (21:43:34): I use a DUN connection
>markiseiden (21:44:18): yikes, well that would never do, it's 500MB.
>n3td3v (21:45:11): What team at Yahoo are you with
>n3td3v (21:45:16): security?
>markiseiden (21:45:54): it's not called that.
>n3td3v (21:46:09): Whats it called
>n3td3v (21:46:21): incident response?
>markiseiden (21:47:10): here's a bio. you can click on the events
>link and see the slides.
>n3td3v (21:47:44): side dodging a simple question about where you
>work. you obviously have a hidden agenda
>markiseiden (21:48:08): i'm a consultant, i work for several places
>n3td3v (21:48:19): I asked about Yahoo
>n3td3v (21:48:31): Security advisor for Yahoo?
>markiseiden (21:48:52): i consult on such things, yeah.
>n3td3v (21:49:04): So you thought you should become my buddy
>markiseiden (21:49:38): no, i don't want to be your buddy. i just
>want to send you a bloody t shirt, because you seem to be an
>entertaining irritant, but even that is impossible.
>markiseiden (21:49:50): actually, it's a clean and new t shirt.
>n3td3v (21:49:54): If you/Yahoo really want my home address, you have
>my ISP on your server logs. Contact them with a police reference
>number, and I'm sure my ISP will release such info
>markiseiden (21:50:03): too much trouble.
>markiseiden (21:50:18): we don't really want your home address.
>n3td3v (21:50:25): No, you mean. I haven't done anything
>n3td3v (21:50:41): I don't hack Yahoo
>n3td3v (21:51:42): irritant?
>n3td3v (21:52:01): What have I done that's annoyed you so much
>n3td3v (21:52:15): I just help Yahoo when I hear of someone with an exploit
>n3td3v (21:52:20): and report it
>n3td3v (21:52:23): thats all
>markiseiden (21:52:28): in the sense that a grain of sand irritates
>the oyster into making a pearl.
>markiseiden (21:53:15): yes, that's my impression also. your reports
>are appreciated, when they're clear enough to understand.
>markiseiden (21:53:24): (particularly)
>n3td3v (21:55:24): I'm sorry
>n3td3v (21:55:31): I'm a good guy
>markiseiden (21:55:35): some of us just thought a t shirt would be a
>nice thing to do. apparently not. sorry for the intrusion.
>n3td3v (21:55:41): I don't mean to annoy anyone from Yahoo
>n3td3v (21:57:42): I just wish you would be friendly.. instead of this
>hostile approach since your first IM
>markiseiden (21:58:06): look, we've all been doing this for a very
>long time. i've worked on the defenses of dozens of people accused of
>computer crime, and a few prosecutions, too.
>n3td3v (21:58:26): I'm not a criminal
>markiseiden (21:58:28): it's impossible to be friendly with you, since
>you're so suspicious. it must be a hidden agenda.
>n3td3v (21:58:52): I don't have a criminal record
>n3td3v (21:59:10): I've never hacked anything online ever
>markiseiden (21:59:14): what i was trying to convey, is that i
>understand why people hack, having done it myself since the 60s.
>n3td3v (21:59:27): I don't hack
>markiseiden (21:59:53): okay, okay. but i do, in the noncriminal
>sense of the word.
>n3td3v (22:00:09): I don't in any sense of the word
>n3td3v (22:00:34): I see people talking about exploits and I report it
>n3td3v (22:00:38): Thats it
>n3td3v (22:02:04): Like I say on my website. I study hacker trends and
>n3td3v (22:02:11): also, I read news articles
>n3td3v (22:02:14): Thats it
>n3td3v (22:02:36): I ethically probably know how to hack, but i've never done it
>markiseiden (22:03:04): well, thanks.
>n3td3v (22:03:33): You don't need to be a terrorist or online criminal
>to not want to give out your location/home address
>n3td3v (22:03:39): over the net
>n3td3v (22:03:46): Its a pretty average thing
>markiseiden (22:04:21): look at what i referred you to and get back to
>me if you change your mind. if you google me you'll see my email
>address has been the same as my surname since 1989.
>n3td3v (22:04:37): Not online don't I know you, but Yahoo Messenger
>net isn't exactly immune from packet siffing bots
>n3td3v (22:04:45): not only*
>n3td3v (22:04:55): sniffing
>n3td3v (22:05:31): Be serious. The t-shirt is just a tactic to get
>some info about me
>markiseiden (22:05:39): not at all.
>n3td3v (22:05:56): I wasn't born yesterday. I was born 24 years ago
>markiseiden (22:06:25): too young to be so paranoid.
>markiseiden (22:07:43): if anyone really wanted to find you, they
>would offer you something of enough value that you would bite at it.
>n3td3v (22:07:52): No.
>n3td3v (22:07:58): I wouldn't bite period
>n3td3v (22:09:49): What do Yahoo have me labelled as to merit this
>n3td3v (22:10:14): A random employee contacts me out of the blue
>trying to know where I live
>markiseiden (22:10:25): i am not an employee.
>markiseiden (22:10:33): i don't care where you live.
>n3td3v (22:10:42): You said you worked for Yahoo
>markiseiden (22:10:45): i just want to send you a t shirt as a token.
>markiseiden (22:10:51): i am a consultant, not an employee.
>n3td3v (22:11:01): a token for what? being an irritant?
>n3td3v (22:11:25): Usually friends send gifts. Yet you don't even want
>to be my friend
>markiseiden (22:11:27): what you do has value and is appreciated.
>n3td3v (22:11:37): What do I do?
>markiseiden (22:11:44): reporting bugs and other problems.
>markiseiden (22:12:21): but if you can't find a way of accepting a
>token gift, so be it.
>markiseiden (22:12:29): i can't say anything more on this subject.
>n3td3v (22:13:52): Your social skills aren't that great are they
>n3td3v (22:14:29): I already speak to an employee of Yahoo on IM. He
>is a lot more friendly, and not as rude
>markiseiden (22:14:31): nobody has accused me of having social skills.
>but you can look up that i have friends in orkut, friendster, linked
>in, or the like.
>markiseiden (22:14:56): i'm not trying to be rude.
>n3td3v (22:15:19): You've accused me of hacking Yahoo
>n3td3v (22:15:34): You work for Yahoo security team and want my home address
>markiseiden (22:15:47): i have not accused you of anything.
>n3td3v (22:15:48): Those are the facts I know about you so far
>n3td3v (22:16:04): This is a surreal IM
>markiseiden (22:16:14): and i don't want your home address.
>n3td3v (22:16:26): You did until you realised I wasn't falling for it
>markiseiden (22:16:40): any postal address whatsoever is what i asked for.
>markiseiden (22:17:05): that will result in your receiving a physical object.
>n3td3v (22:17:06): I can't do that. I would still be trackable to any
>markiseiden (22:17:21): why cannot be sent over the net, given current
>markiseiden (22:17:35): right, a malicious stalker will go after your
>n3td3v (22:17:43): POBOX's don't offer anonymity. Its the same as
>using an open proxy.
>markiseiden (22:18:43): sorry, i have other things to do today, like
>geeking chickens and talking with my kid about her college plans.
>n3td3v (22:19:09): Thats why you shouldn't mix your work with your home life
>markiseiden (22:19:36): to quote yoda, "when you my age are, then you
>can give me advice"
>n3td3v (22:19:57): Don't be smart. Age has nothing to do with it
>n3td3v (22:20:24): A 13 year old could have more skills than a 30 year old
>n3td3v (22:20:31): With regards to hacking
>n3td3v (22:20:50): Same for parental issues
>markiseiden (22:21:11): but with regards to how to conduct one's life,
>people are entitled to make their own choices.
>markiseiden (22:21:17): so i've got to go.
>n3td3v (22:21:21): Thats true
>markiseiden's status is now "out running errands" (03/04/05 22:21)
>n3td3v (22:21:49): Come back when you don't bring yourself across as a
>grade A weirdo
>markiseiden (22:21:50): out running errands
>markiseiden (22:22:13): sorry, as a weirdo i'm a lifer. ask my friends.
>n3td3v (22:22:35): I'll show this IM to some people I know, and let them decide.
>markiseiden (22:23:47): as you like. i hope no trouble will come of it.
>n3td3v (22:24:05): You might lose your job actually.
>n3td3v (22:24:19): You never know
>markiseiden (22:24:20): hah, very funny.
>n3td3v (22:24:52): Yeah.. I don't have much influence at Yahoo Inc do I
>n3td3v (22:25:02): I'm just seen as some kid
>n3td3v (22:25:06): Thats cool
>n3td3v (22:28:13): I would love to be able to help you improve
>security at Yahoo, but you just want my home address.
>markiseiden (22:28:32): look, before i go, tell me the size of the
>shirt (unless it's medium)
>markiseiden (22:28:47): cuz last time we ran out of small and xxl
>n3td3v (22:29:35): geocities.com/n3td3v/profile.html
>n3td3v (22:29:55): Thats the only personal info i give out
>markiseiden (22:30:00): (or not)
>markiseiden (22:30:24): i have never spent an hour and ten minutes
>trying to get someone a t shirt before. you hit my limit.
>n3td3v (22:30:38): I don't want a t-shirt
>n3td3v (22:30:43): no offence
>markiseiden (22:30:51): no offense intended.
>markiseiden (22:31:04): (or taken, i mean)
>markiseiden (22:31:19): bye.
>Full-Disclosure - We believe in it.
>Hosted and sponsored by Secunia - http://secunia.com/