[18652] in bugtraq
Re: Yahoo! Instant Messenger
daemon@ATHENA.MIT.EDU (Matthew Keller)
Tue Jan 16 19:15:43 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3A64833F.1F2F6141@potsdam.edu>
Date: Tue, 16 Jan 2001 12:22:07 -0500
Reply-To: Matthew Keller <kellermg@POTSDAM.EDU>
From: Matthew Keller <kellermg@POTSDAM.EDU>
X-To: "Michael S. Fischer" <michael@DYNAMINE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
"Michael S. Fischer" wrote:
> The third statement of this paragraph is untrue -- Almost every transaction
> at Yahoo! involving money uses the Yahoo! wallet system, which uses a
> separate password from the one used by YIM and the other "standard"
> (non-financial) services.
You're assuming that the person who holds both a YIM account and a
Wallet account uses a different password. I'd be willing to wager that
near five-9's of the YIM/wallet users use the same account name and
password, thus making any disclosure of their password a problem.
--
Matthew Keller
WebMaster, Interim Network Manager &
Host Systems Analyst
Computing & Technology Services
Information Services Division
State University of New York at Potsdam
Website: http://mattwork.potsdam.edu/
PGP: http://mattwork.potsdam.edu/crypto/