This isn't confidential Yahoo information. It's not even confidential ADP information -- any company who uses ADP's probusiness workcenter has subjected its employees to this ridiculous password complexity requirement.
On Sun, Mar 12, 2006 at 08:41:18AM -0800, SO SECURITY RESEARCH INSTITUTE wrote: > Do you, uh, Yahoo? > It appears no action will be taken against a Yahoo employee who disclosed > confidential corporate side security information (with screenshots) to his > weblog. This obviously gives the green light for anyone at Yahoo to do the > same in the future. Why have a Yahoo policy if its not going to be inforced? > Regardless of the security value of the blog entry, a clear breach of the > confidentiality agreement between Yahoo and ADP has been made. Yahoo's > response was "Jeremy is Jeremy, he can blog about anything he wants." Making > it sound like if you're a celebrity Yahoo blogger then you can walk all over > company policy. ADP were unavailable for comment at time of this message > being submitted to Full-Disclosure mailing list. http://tinyurl.com/plqt3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
