Re: [Full-disclosure] Zotob Worm Remover

From: n3td3v (xploitable_at_gmail.com)
Date: 08/22/05

    Date: Mon, 22 Aug 2005 20:01:26 +0100
    To: full-disclosure@lists.grok.org.uk
    
    

    On 8/22/05, Todd Towles <toddtowles@brookshires.com> wrote:
    > Wireless really isn't an issue.

    That's your opinion, to me it's the issue of today/tomorrow. It's the
    main way hackers are going to hack corporations in the future. It'll
    be the basis of many an incident for response teams to handle. You
    may not be on my mindset but I've been at this game a while now, and
    I try and warn corporations weekly of the threat of wireless hacking.

    Employees of Yahoo Inc have been taking pictures of cars outside at
    Sunnyvale, this is also a security risk for them. However Yahoo fail
    to see what I see, and that's a major breach in security where
    employees are helping hackers to identify cars belonging to
    employees/partners/day visitors and students who visit Yahoo.

    http://www.flickr.com/photos/ycantpark Yahoo aren't doing an internal
    investigation into those behind this Flickr account and my calls for
    it to be shut down have been ignored. New pictures are published
    periodically.

    The photos are meant to be showing cars in bad parking positions but
    the wireless threat outweighs that of bad parking. The owners of those
    cars didn't get a choice as to whether their car and number plates were
    published on the internet by Y employees who are meant to be
    responsible adults?

    Funnily the responsible adults did hide the telephone number of
    "mission control" but didn't see the problem in publishing the cars
    themselves and the number plates of those cars in full display on an
    intended public Flickr account.

    This issue has been on-going since an employee working for Yahoo
    Search published the link to the Flickr account on his high profile
    blog.

    Within hours of his blog entry being published I attempted to IM him
    to ask him to remove the entry, he ignored me. The media then picked
    up on the blog entry, but only running the story in the context the
    blog entry intended (bad parking), however no one to date, apart from
    me has raised security fears on the situation.

    After being ignored by the blog author, I later made attempts to
    contact Yahoo to have a full internal investigation into those
    employees behind the Flickr account. Those employees to this day
    remain anonymous, and updates to the Flickr account have been made,
    signaling that no actions behind the scenes have been taken to stop
    future photos of cars outside of Yahoo being published on the internet
    without full consent by the owner of the automobiles featured on the
    Flickr account.

    -
    The blog entry which sparked this off is still online to this day.
    -
    -
    The Flickr account is still being updated and no one is listening to
    my calls for it to be shut down.
    -
    Security at Yahoo don't see the security threat posed here. I know different.
    -
    It's now August and I've been trying since June/July 2005 to get
    something done, before Yahoo gets hacked because of these Yahoo
    employees who are putting these pics online.
    -
    International hackers will end up using these pictures to compromise
    computers within Yahoo's HQ.
    -
    Don't wait for the worst to happen before something is done. Take
    preemptive measures now.
    -
    If you think this is off-topic from worms like Zotob, think again.
    -
    http://www.geocities.com/n3td3v
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

