--On Wednesday, February 06, 2008 11:58:31 +0100 Vincent van Scherpenseel <[EMAIL PROTECTED]> wrote: > > So, what do you do when you want to report something like this? In fact > I'm doing them a favor by reporting but all I got is this lousy > response. I'll have to think twice about reporting something like this > next time... > > Does anyone know an Yahoo! security contact that actually does his job? >
You do this the old fashioned way. # dig -t MX yahoo.com ; <<>> DiG 9.3.3 <<>> -t MX yahoo.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10018 ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 7, ADDITIONAL: 14 ;; QUESTION SECTION: ;yahoo.com. IN MX ;; ANSWER SECTION: yahoo.com. 1058 IN MX 1 g.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 a.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 b.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 c.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 d.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 e.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 f.mx.mail.yahoo.com. # telnet f.mx.mail.yahoo.com 25 Trying 209.191.88.247... Connected to f.mx.mail.yahoo.com. Escape character is '^]'. 220 mta378.mail.mud.yahoo.com ESMTP YSmtp service ready EHLO hostname.utdallas.edu 250-mta378.mail.mud.yahoo.com 250-8BITMIME 250-SIZE 31981568 250 PIPELINING MAIL FROM: [EMAIL PROTECTED] 501 Syntax error in parameters or arguments MAIL FROM: <[EMAIL PROTECTED]> 250 sender <[EMAIL PROTECTED]> ok RCPT TO: [EMAIL PROTECTED] 501 Syntax error in parameters or arguments RCPT TO: <[EMAIL PROTECTED]> 250 recipient <[EMAIL PROTECTED]> ok RCPT TO: <[EMAIL PROTECTED]> 250 recipient <[EMAIL PROTECTED]> ok RCPT TO: <[EMAIL PROTECTED]> 250 recipient <[EMAIL PROTECTED]> ok RCPT TO: <[EMAIL PROTECTED]> 250 recipient <[EMAIL PROTECTED]> ok quit 221 mta378.mail.mud.yahoo.com Connection closed by foreign host. Pick your poison. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/