[Dshield] Need help with Yahoo

Roberts, Chris CRoberts at Limitedbrands.com
Wed Feb 25 18:12:34 GMT 2004

Anyone out there know anyone inside Yahoo's security team I could contact
regarding someone's account, seems as if it was hacked, and info changes...and
they can't get their account back!
(Yahoo's way of verifying ID is DoB, and alternate address, guess what, if
you change it once you've hacked their account they are totally locked
out...and seems as if Yahoo couldn't give a damn)

Yahoo's "Security page" is useless, and the default answer I received back
was no help at all.

So, apart from running a brute force attack against their userID to see if
the idiot that took over her account left a "normal" password, I seem to
have run out of options.

Thoughts etc?



Your E-Mail has been eaten by my machines, the response above has been
generated by an auto pilot program.
Phone: (614) 415-7517 (DC3) (614) 577-2670 (DC4) 
Pager: (888) 434-7850 (@skytel.com) 

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Jon R. Kibler
Sent: Wednesday, February 25, 2004 12:00 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Anyone seen

Jeff Kell wrote:
> Jon R. Kibler wrote:
> >> I started seeing ARP broadcast (from various IPs on my network)
> >> last week using ethereal.
> > Also, the fact that you are seeing a lot of ARP packets is a MAJOR
> > RED FLAG of another problem -- you are using shared Ethernet -- which
> > is a MAJOR security risk. You really should replace all of your hubs
> > with switches -- or, at least in the future, only buy switches.
> Not so fast.  Initial ARPs are broadcast (ff-ff-ff-ff-ff-ff) and will go
> to every host, even on a switch.  A switch or router may proxy a reply,
> but it is perfectly normal to hear broadcast ARPs.
> Now if you receive *unicast* ARPs, or unsolicited unicast ARP replies,
> somebody on your segment is probably running ettercap or dsniff.
> Jeff

Okay, you're right... I am just accustomed to configuring switches to proxy
all ARPs and forgot that some would let ARPs pass. I stand corrected.

However, I leave stand my statement that you should consider replacing all
hubs with switches.

Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214
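
Jeff Kell's rule of thumb from the quoted reply, as an added example that is not part of either message: broadcast ARP requests pass, while unicast requests and unicast replies that answer no earlier request are flagged for review. The host addresses, frames and function names below are constructed for illustration.

```python
import socket
import struct

BROADCAST = b"\xff" * 6

def parse_arp(frame):
    """Parse an Ethernet frame; return (dst, op, sha, spa, tpa) or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[0:6], op, frame[22:28], frame[28:32], frame[38:42]

def triage(frames):
    """Flag unicast requests and unicast replies that answer no request seen earlier."""
    pending, findings = set(), []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        dst, op, sha, spa, tpa = parsed
        reason = None
        if op == 1:
            pending.add((spa, tpa))  # (requester IP, IP being asked about)
            if dst != BROADCAST:
                reason = "unicast request"
        elif op == 2:
            if (tpa, spa) in pending:
                pending.discard((tpa, spa))  # reply matches an outstanding request
            elif dst != BROADCAST:
                reason = "unsolicited unicast reply"
        if reason:
            findings.append((i, reason, socket.inet_ntoa(spa), sha.hex(":")))
    return findings

def build(dst, src, op, spa, tpa, tha=b"\x00" * 6):
    """Construct a test frame (ARP sender MAC equals the Ethernet source)."""
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return dst + src + b"\x08\x06" + hdr + src + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

# Constructed sample: hosts A and B plus a third host X. Not captured traffic.
A, B, X = (bytes.fromhex("0200000000" + n) for n in ("0a", "0b", "66"))
SAMPLE = [
    build(BROADCAST, A, 1, "192.0.2.10", "192.0.2.11"),  # normal broadcast who-has
    build(A, B, 2, "192.0.2.11", "192.0.2.10", tha=A),   # solicited reply
    build(A, X, 2, "192.0.2.11", "192.0.2.10", tha=A),   # reply nobody asked for
    build(B, X, 1, "192.0.2.66", "192.0.2.11"),          # request sent unicast
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Some IP stacks send unicast ARP requests to refresh a cached entry, so a flagged request is a prompt to check the sender rather than a verdict.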
