-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think the adress is
[EMAIL PROTECTED] Cheers Ferdinand from Germany Am 06.02.2008 um 11:58 schrieb Vincent van Scherpenseel: > Their abuse policy of course! > > Last week a client's server was being attacked (some old Tomcat5 vuln) > and used to attack other servers (ssh login guessing). The results of > these dictionary attack were being mailed to the address > '[EMAIL PROTECTED]': > cat vuln.txt |mail -s "Lame Gang Us Roots" [EMAIL PROTECTED] > > After I addressed the vulnerability I decided to contact yahoo.com > about > this issue. Of course the only way to do this was by browsing the > Yahoo.com site for any abuse/security contacts. After a while I > found a > form I could use to notify them of abuse of their services. So I wrote > them a quick explanation about what was going on including the e-mail > address of the account used to harvest passwords. > > After a couple of hours I received an e-mail from 'Marcus' a Yahoo! > Customer Care representative (44592956) asking me to provide a the > full > subject and other headers from the spam I had received. > > After writing back kindly that I had no spam complaint but wanted to > report the mal-use of an account of theirs I received another reply a > little while later asking me to provide my *personal* information > about > my account and what errors I got when I tried to login. Well, I don't > even *have* an Yahoo! account. > > So, what do you do when you want to report something like this? In > fact > I'm doing them a favor by reporting but all I got is this lousy > response. I'll have to think twice about reporting something like this > next time... > > Does anyone know an Yahoo! security contact that actually does his > job? > > Kind Regards, > Vincent van Scherpenseel > > -- > ServerFloor.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFHqaZ5ivpgT1glX4cRAoiGAKCmtLIJk0zsxBr7+DxUknYpHdm34ACcCxPx FJpUA2qj8Bv9q7ehmt8dk60= =e2B1 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
