Showing posts with label yahoo. Show all posts
Showing posts with label yahoo. Show all posts

Monday, March 20, 2017

Chop That Dollar

Its been quite some time since I've received a 419 spam message in my inbox. But - like matter itself - 419 never dies - only changes form. I found the message below in my inbox this morning.

I was pleased to note that the message originated from Yahoo, and contained several classic red flags for spam that even the neophyte mail server admin knows to watch out for, like from & reply-to headers with different different domains. This is the kind of l33t security I've come to expect from Yahoo. But hey, the Russians did it, and no one can be expected to secure their customers from state sponsored attacks. Susan here is no doubt a member of Nigeria's elite NIA.


From: Susan ***** desmondwilliams614 yahoo.com
Subject: Hello,
Date: Sat, 18 Mar 2017 12:12:52 +0000 (UTC)
Reply-To: desmondwilliams614 yahoo.com Susan ***** deswill0119 yahoo.fr

Hello,

Greetings. With warm heart I offer my friendship and greetings, and I hope that this mail will 
meets you in good time. However strange or surprising this contact might seem to you as we have
not meet personally or had any dealings in the past. I humbly ask that you take due 
consideration of its importance and immense benefit. My name is Susan Williams from Republic of
Sierra-Leone. I have something very important that i would like to confide in you please,I have
a reasonable amount of money which i inherited from my late father (Nine Million Five Hundred
thousand United States Dollar}.US$9.500.000.00.which I want to invest in your country with you
and again in a very profitable venture. Currently I am residing in Ivory coast now with my
Brother Desmond Williams where my late father deposited the money, so i will like you to reply
me immediatly[sic] so that i will give you more details about everything. Iam[sic] expecting
your reply for more explanation. Please i am urgently waiting for your response and I am
conceding 15% of this money to you for your efforts assistance.

I will wait to hear from you.
Thanks and God bless you.
Our sincere regards to you,

Susan and Desmond Williams


The NIA's battle cry:

Tuesday, August 4, 2015

Afternoon Links 8/4/2015

I am a victim of my nostalgia. Yesterday, I revived a years-old post in which I provided bloggees with some of the latest Windows activation keys to update the data for Windows 10. I figured I might as well dredge up another bit I had let fall by the wayside; Weekly links! Exciting, I know.

   - Yahoo's ad network and Microsoft Azure's web hosting service were abused to circulate an enormous flood of malicious software. Malwarebytes is being credited with the discovery - which is a little amusing because Malwarebytes has for had their own issues with security for many years. h/t Washington Post

    - Planned Parenthood and a variety of other related organizations were brought offline by a sustained series of DDoS attacks. In what may or may not have been the work of the same group of individuals, someone has claimed they have hacked Planned Parenthood and retrieved an employee list database of some kind or another.
     AFAIK, this sort of thing is new to the abortion debate in the US - honestly the only political debates where this sort of thing typically comes to the fore are "internet" issues surrounding surveillance, cryptocurrency and the like. The "Culture Wars" are fought in city halls, lobbyist offices and in the bank transfers of PACs rather than through data center Meet Me rooms.
    Personally I am interested in finding out if the DDoS was outsourced or if there is, in fact, a pro-life botnet. Will online hooliganism become a part of the political conversation? h/t Rolling Stone

   - The Electronic Frontier Foundation and Muck Rock have partnered to file a butt-load of FOIA requests in order to provide the public with a better understanding of how biometrics is being used by law enforcement and federal government agencies to provide street level, warrantless surveillance of ordinary Americans. h/t Muck Rock

   - In a strange move, DHS Deputy Secretary Alejandro Mayorkas said that some provisions of the Cybersecurity Information Sharing Act (CISA) “could sweep away important privacy protections” and that proposed legislation “raises privacy and civil liberties concerns.” Apparently Mayorkas found nothing ironic about this statement, while the news outlets who retyped the message for public consumption found it completely normal. h/t Russia Today

Tuesday, July 28, 2015

Hotmail is bouncing bugtraq mailing list emails from Yahoo

What really irks me about this is that I deliberately use gigantic, stupid MTAs like gmail and live mail to deliberately avoid this sort of garbage (deliberately). Those familiar with administrating large volume email can appreciate that you can perfectly configure your mail server and end up bounding all over the place because almost everyone with a mail server is not an actual email administrator and has no clue what they are doing. Email, like high school, is ultimately all about popularity. Even the least competent of email server owners will eventually get tech support to make sure google and microsoft can deliver to and receive from their Zimbra abomination.

At least that's what I figured until I started getting bounces like the one below. It seems Microsoft has decided that Security Focus mailing lists are too dangerous. To step up the oddity of this policy, bounces only occur when the originating MTA is with Yahoo. I can receive email directly from securityfocus.com. I can receive email from securityfocus.com when the originating mail server is a one-off IP address from Finland that is part of a DSL netblock. But Yahoo is a bridge too far. Stupid stupid stupid.

Return-Path: <>
Received: (qmail 22048 invoked from network); 15 Jul 2015 15:26:46 -0000
Received: from sf01mail1.securityfocus.com (HELO mail.securityfocus.com) (192.168.120.35)
by lists.securityfocus.com with SMTP; 15 Jul 2015 15:26:46 -0000
Received: (qmail 27445 invoked by alias); 15 Jul 2015 15:26:31 -0000
Received: (qmail 21710 invoked from network); 15 Jul 2015 15:26:06 -0000
Received: from sf01smtp2.securityfocus.com (192.168.120.34)
by mail.securityfocus.com with SMTP; 15 Jul 2015 15:26:06 -0000
Received: by sf01smtp2.securityfocus.com (Postfix)
id E771981455; Wed, 15 Jul 2015 10:31:59 -0700 (PDT)
Date: Wed, 15 Jul 2015 10:31:59 -0700 (PDT)
From: MAILER-DAEMON@securityfocus.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: bugtraq-return-55766-(redacted)=live.com@securityfocus.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="5D865812F6.1436981490/sf01smtp2.securityfocus.com"
Content-Transfer-Encoding: 8bit
Message-Id: <20150715173159 data-blogger-escaped-.e771981455="" data-blogger-escaped-sf01smtp2.securityfocus.com="">

This is a MIME-encapsulated message.

--5D865812F6.1436981490/sf01smtp2.securityfocus.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host sf01smtp2.securityfocus.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<(redacted)="" live.com="">: host mx4.hotmail.com[65.55.92.152] said: 550 5.7.0
(SNT004-MC2F10) Unfortunately, messages from (143.127.139.113) on behalf of
(yahoo.com) could not be delivered due to domain owner policy restrictions.
(in reply to end of DATA command)

--5D865812F6.1436981490/sf01smtp2.securityfocus.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; sf01smtp2.securityfocus.com
X-Postfix-Queue-ID: 5D865812F6
X-Postfix-Sender: rfc822; (redacted)@securityfocus.com
Arrival-Date: Wed, 15 Jul 2015 10:18:42 -0700 (PDT)

Final-Recipient: rfc822; (redacted)@live.com
Action: failed
Status: 5.7.0
Remote-MTA: dns; mx4.hotmail.com
Diagnostic-Code: smtp; 550 5.7.0 (SNT004-MC2F10) Unfortunately, messages from
(143.127.139.113) on behalf of (yahoo.com) could not be delivered due to
domain owner policy restrictions.

--5D865812F6.1436981490/sf01smtp2.securityfocus.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 8bit

Received: from lists.securityfocus.com (lists.securityfocus.com [192.168.120.36])
by sf01smtp2.securityfocus.com (Postfix) with QMQP
id 5D865812F6; Wed, 15 Jul 2015 10:18:42 -0700 (PDT)
Precedence: bulk
(redacted)
Delivered-To: mailing list (redacted)@securityfocus.com
Delivered-To: moderator for (redacted)@securityfocus.com
Received: (qmail 9417 invoked from network); 15 Jul 2015 10:14:32 -0000
Date: Wed, 15 Jul 2015 10:14:31 GMT
Message-Id: <201507151014 data-blogger-escaped-.t6faevnw013232="" data-blogger-escaped-sf01web2.securityfocus.com="">
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
From: (redacted)@yahoo.com
To: (redacted)@securityfocus.com
Subject: XSS vulnerability in OFBiz forms

Tuesday, January 8, 2013

The C Note - Brad Garlinghouse, Yahoo!


In a shameless maneuver to keep the traffic coming, I will be adding a new semi-recurring column to Tech Info. Called the C Note, this column will consist of missives from executives of technology companies in the tone of C. This will not be an 'Inside the Actor's Studio' for the ultra-rich, nor will it be an exposé where something is 'Occupied'. Attention will be paid to real articles of interest: identification of industry trends, justification for controversial decisions, in short, musings upon experience worth repeating. Do you find this distasteful, thrilling, a waste of time or something you would like the site to focus on more? Leave a comment or send an email or text message!
Reproduced in entirety due to linking trouble with the in-appropriately-named-at-this-moment LinkedIn

What I got wrong in the Peanut Butter Manifesto


Brad Garlinghouse
In 2006, as an executive at Yahoo! I wrote an internal memo outlining my observations about the state of the company and suggesting some dramatic remedies for getting it back on track. The primary point was that the company lacked a cohesive vision and I used the metaphor of spreading peanut butter to describe how Yahoo! was investing too thinly in too many different areas.
Some months later the memo was leaked to the Wall Street Journal and for better or worse, “the Peanut Butter Manifesto” has followed me ever since. Its essence even lives on at Yahoo! in new CEO Marissa Mayer’s PB&J program—one of the many important steps she’s taking to rebuild a great company.
Reflecting on what I wrote more than six years ago, it’s now painfully obvious to me that the issues I highlighted—lack of focus, accountability and decisiveness—were actually just symptoms of a deeper problem. Yahoo!’s strength had emanated from the passion and entrepreneurial zeal of its employees, but these muscles had atrophied. The company’s core culture no longer encouraged and celebrated innovation with the same zest and ardent ambition to change the world—too often this had been displaced by half-hearted maintenance of the status quo.
Marissa’s immediate focus on improving the company culture to make Yahoo! a great place to work again is evidence that this inertia endured. Though people can deride perks like free food and iPhones (or giving everyone an iPad mini for Christmas!) as buying loyalty with trinkets and toys, there is an underlying—and more fundamental—impact.
Whether you give people the latest gadget or deck your office space with beanbags and foosball tables, the point is to make work a fun, interesting and inspirational place to be. The Shower Principle (thank you, Jack Donaghy) states that great solutions are often conceived when your mind is not focused on the problem. Sometimes interactions need to happen beyond the ping of an email or the (god forbid) drone of a PowerPoint presentation.
There’s also the paradox of treating people like adults by providing them with toys. Just as freedom is always accompanied by responsibility, so permission to play comes with high expectations to deliver remarkable results. A vibrant culture provides people with real opportunities to instigate and benefit from success. They must also be accountable for failure, though all parties need to accept that attempts to innovate don’t always produce the wheel. This is the kind of place where creative, ambitious people want to play. When imaginations are encouraged to run free, it can result in amazing products.
In a recent blog post, venture capitalist Ben Horowitz relegated corporate culture to a second-class citizen behind creating a great product. I respectfully disagree. Great products don’t come out of thin air. They are an outcome of environments where innovation can thrive and talented people are encouraged to be bold.
Sure, one-hit wonders can happen anywhere, but companies that stand the test of time all recognize a fundamental truth: great people build great products and great people gravitate towards great company cultures. The startup culture that Steve Jobs created at Apple to transform a declining computer manufacturer into the creator of era-defining products is an obvious example.
So more than six years after the Peanut Butter Manifesto, what has experience taught me?
If a business has to be told that it needs more focus, accountability and decisiveness, there is a bigger problem at hand. Truly successful businesses encourage these qualities innately by creating and fostering a culture that inspires each individual to perform at their peak and rewards passion and results without peanut buttering the end of year bonus.
This is the mantra I have been repeating since I became CEO at YouSendIt in May 2012. Turning a good company with a good product into something great starts with cultural change and we’ve made remarkable progress over the past seven months. How this happens is something I will explore in future posts.
Oh, there’s one final lesson: you never know when something you write is going to unexpectedly be published in the Wall Street Journal. So watch those split infinitives.

Billing systems development now available

Good news for current and future clients of Josh Wieder Technical Consulting : customers can now retain a variety of unique services related...