Cristian Livadaru's blog

... think again ...

Why Is Yahoo So Fucking Stupid?

Some days ago I got contacted by Western Union because there was a Phishing site on one of my clients pages. After a short search the cause why this happened was found. There was a FTP account with a weak password which I instantly deleted, and also the Phishing site. But I made a copy for further analysis before deleting it so I can provide further information to Western Union.
What the site did was mail all data to a gmail and a yahoo email address. I contacted Yahoo and Gmail so they can do something about it (for example block those accounts) the Response from yahoo was this:

Hello,

Thank you for writing to Yahoo! Mail.

I understand your frustration in receiving unsolicited email. While we
investigate all reported violations against the Yahoo! Terms of
Service
(TOS), in this particular case the message you received was not sent
through the Yahoo! Mail system.

Yahoo! has no control over activities outside its service, and
therefore
we cannot take action. You may try contacting the sender’s email
provider, by identifying the sender’s domain and contacting the
administrator of that domain. The sender’s provider should be in a
better position to take appropriate action against the sender’s
account.

The email message itself does contain some information relating to the
sender’s identity. Yahoo! includes the originating Internet Protocol
(IP) address in the full Internet headers of all messages sent through
Yahoo! Mail, so that we will have information regarding the origin of
messages sent through our system. The originating IP address should be
located in the very last “Received” line of the full Internet headers
and corresponds to the sender’s Internet Service Provider (ISP).

Please see the following URL for more assistance:

http://help.yahoo.com/help/us/mail/spam/spam-05.html

Once you have identified the IP address, you can conduct an IP
lookup to
determine which ISP provides this person with Internet access. One
such
lookup tool you may want to try is:

http://www.arin.net/whois/

You can then attempt to contact that ISP to report any abuse
activities
occurring within their service.

Please let us know if you still need assistance so I may assist you
further.

Your patience during this process is greatly appreciated.

Thank you again for contacting Yahoo! Mail.

Regards,

Smith

Yahoo! Customer Care

http://www.yahoo.com/

38662211

Looks like they really didn’t understand what is going on so I responded

Hi, either I didn’t express myself correct or you didn’t even read
the mail I forwarded.
Let try again with some simpler words

My server got hacked and a Phishing site was uploaded.
This phishing site SENDS THE CREDITCARD DATA TO A YAHOO EMAIL ADDRESS
there was no word about receiving spam or anything else, so your
answer doesn’t make any sense to me.

This should be pretty easy to understand, now the answer from yahoo really is funny

Hello,

Thank you for contacting Yahoo! Customer Care.

Yahoo! takes the security of your account very seriously. In order to
ensure the safety of your account, we will need you to provide all of
the following information you supplied at registration:

  1. Yahoo! ID

  2. Your name

  3. Date of birth (mm-dd-yyyy)

  4. Alternate email address (Non-Yahoo!)

  5. Your new desired alternate email address, if it needs to be
    updated (please note that this address cannot be a Yahoo! Mail address).

  6. The answer to your Security Question

  7. City and State

  8. ZIP/Postal code and country

We will then match this data against our detailed records.

Once we have received and verified all of the above information, we may
be able to provide further assistance.

Your patience is appreciated.

Thank you again for contacting Yahoo! Customer Care.

Regards,

Ray

Yahoo! Customer Care – Account Security

Now I give up, I have better things to do then to explain yahoo what they should do.
I couldn’t resist no to answer, so here my answer to yahoo:

I give up.
I just wanted to inform you that there is an email account on yahoo being used to receive mail from phishing sites. That’s all !
Why on earth should you need my yahoo id for this ???
I don’t have a Yahoo ID, and I don’t want a yahoo ID.

This was the last time EVER that I contact yahoo!
You guys are incredible! Really! Once I informed you about a faked flickr page stealing yahoo accounts! Several of my friends lost their account due to this phishing and it took yahoo over a week to turn that site off! It was even hosted on geocities, that as far as I know belongs to yahoo, so you could have turned that site of instantly and stop fraud!

And you dare to write that you take security very seriously? That was a good joke! really!

Technorati Tags: Internet, yahoo, stupidity