<br>
<div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">From: n3td3v <<a href="mailto:xploitable@gmail.com">xploitable@gmail.com</a>><br>
Date: Oct 25, 2005 3:59 PM<br>Subject: Continued threat continues<br>To: <a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br><br><br>It has been reported via the n3td3v group news wire that the group has
<br>surpassed its 600th member, adding to speculation that the group,<br>hosted on the Google Groups network is only going to grow larger.<br><br>The founder n3td3v since 1999 has been responsible for a number of<br>vendor-side reported incidents and vulnerabilities on the Google and
<br>Yahoo network.<br><br>We're working with people to making the group as comfortable as possible.<br><br>Consumers are obviously being attacked via e-mail and IM right now<br>with phishing and pharming hacks. Although theres been alot of
<br>corporate user hacking going on, its been noted, due to an up raise of<br>the Yahoo 360 service.<br><br>Corporate users with who are socially networking via Yahoo 360 service<br>is definitely a threat to corporate security. We can't see any way out
<br>of it until Yahoo allows flexibility of privacy level for Yahoo 360,<br>with regards to its public social circle list.<br><br>Ultimately we've been calling for Yahoo 360 friends list to be<br>viewable by "friends only" by default. Allowing for this to be changed
<br>later, by the consumer and corporate user, after "security warnings",<br>which we are also calling for at this time.<br><br>Right now, Yahoo 360 is a social networking service, with no option to<br>hide your social cirlcles. Many users especially corporate users, are
<br>unaware of how exposed they've become to malicious hackers since the<br>service was launched March.<br><br>The Yahoo 360 service is allowing users to transfer whole Yahoo<br>Messenger lists and E-mail address book lists, over to the public
<br>Yahoo 360 service, even if the user is unaware of privacy<br>complications this may cause.<br><br>Many folks are just unaware to how much information they've been<br>giving out. Its the responsibility of Yahoo to make those corporate
<br>and consumer users on the service aware of what they're doing, before<br>they do it, instead of offering to allow users to expose social<br>circles on the fly.<br><br>Alot of this is allowing for phishing and pharming attacks, as well as
<br>corporate hacking of employee computers with known and unkwown<br>vulnerabilities.<br><br>Just don't say mutter the words "Yahoo 360 worm", people might get worried.<br><br>Why are Yahoo helping the growth of global trends when they don't need
<br>to, which will also have a side affect on their own users.</blockquote><div><br>
</div><br></div>OMIGAWD!!! You've surpassed all previously known drama-queeniness<br>