[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Yahoo, was: Web based emails

To: list@xxxxxxxxxxxxx
Subject: Re: [LUG] Yahoo, was: Web based emails
From: Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx>
Date: Sat, 24 Oct 2015 23:28:05 +0000
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1444208763; h=Sender:Content-Type:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Reply-To:Subject:In-Reply-To:MIME-Version:References:Message-ID:To:From:Date; bh=BW8B2D0UB/ykp3Zea/cQVQ7hDiV8FaNxEy5SZG3NU3E=; b=hIJ+Rk8N06waHiFsDezBTZ9PPDySBlt/RV/bL4TJx/ZClHr+c2AqEFcAqrkFKKSO8UaAHkFEH0LXbveK+k8x8jFeYx3A/yJwPhZ0bEKgnvL36pgRQ2oP261QHVGuKSq9gZr+ONfKFpMiy8pKVW1ioyaCLsKD+4FSK4VqBpcE2zQ=;
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1445729285; bh=5FeA2QzukW0CRPaVzfJ3RmaEaqBZ0AEAYcNj5jICgBM=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=WFLyrR+oFn/OhSY9yexPavnXWJngZ5MOoXJIqV9OH0YUKrBGWhJQwVYKupef5HZ3L E+BJLPVPQ5F7jQy/fx1xosbOW+TjyL7/m78+f14Mu6xM4cW0JPhHnQa87xXK+bwf+e PQY035ttp7irxjtt6Eq6O/9InRuHRYkPVSwUdTG0=

On Sat, Oct 24, 2015 at 10:06:14PM +0300, Simon Waters wrote:
> One of the Yahoo email API issues was exploited by attackers using the index of
> address book contacts. So the address book wasn't directly leaked but they were
> still able to enumerate how many contacts you had and use them to add the
> element of "from someone I know" to the dodgy emails they sent.
> 
> E.g
> 
> Email this to address book entry 1, cc 2,3,4

Do you have a reference for this? It always looked like an API issue and
they had API issues in the past, but I haven't seen any such thing being
reported since we discussed them here after Mr Meowski's account, under
a previous name, had been spamming us.

Martijn.

Attachment: signature.asc
Description: Digital signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- [LUG] Web based emails
  - From: Neil Winchurst
- Re: [LUG] Yahoo, was: Web based emails
  - From: lug
- Re: [LUG] Yahoo, was: Web based emails
  - From: Adrian Midgley
- Re: [LUG] Yahoo, was: Web based emails
  - From: Simon Waters

Prev by Date: Re: [LUG] Identifying encrypted files.
Next by Date: Re: [LUG] Identifying encrypted files.
Previous by thread: Re: [LUG] Yahoo, was: Web based emails
Next by thread: Re: [LUG] Yahoo, was: Web based emails
Index(es):
- Date
- Thread