[7590] in bugtraq
Re: Yahoo Pager auto-update
daemon@ATHENA.MIT.EDU (Texan Hawk)
Mon Aug 10 11:47:11 1998
Date: Mon, 10 Aug 1998 11:29:36 -0400
Reply-To: Texan Hawk <r_claypo@CSUNIX1.LVC.EDU>
From: Texan Hawk <r_claypo@CSUNIX1.LVC.EDU>
To: BUGTRAQ@NETSPACE.ORG
RE: Yahoo Pager auto-update
BY: ralf rudolph <rrudolph@artifex.de>
Yahoo has lost all of my respect consearning there security measures. You
most likely have been to rootshell in the past while, but in case you havn't
there was a program that would let you use the yahoo pager under anyone's
account you chose. It appears as if yahoo's pager gets he pw from the client
side and not the server itself. thusly if you load up this program it will log
you i as anyone. You can't do anything except send instant messages, but if
you sit there long enough or koow someone's yahoo pagername you could do a lot
of evil to them. You can't read mail, but still it's damaging.
any system that is so open to attack just deserves to be exployted.
Granted 2 Minutes and 3 Seconds for that post.
[Personal Tag]: I am worthless, totally worthless
Origin: Atomnos BBS * 412-766-8149
