http://www.securityfocus.com/news/3249

Ugly. Wicked ass ugly.

Especially considering all the publicity Yahoo got/gets for running FreeBSD. Of course the rootable systems were SAN systems and not BSD.

Yahoo has been going downhill for a while in my opinion. I don't care for the yahoo pages much anymore. I have more problems with lab computers running the Yahoo client than the other clients.

May favourite part of that article,


"It shows that [Yahoo] probably needs be doing some sort of network penetration testing using a scanning tool themselves -- even a basic one."

OUCH!

Not good considering they are such a big BSD user. Article say that you could get a root shell on their Netapp filers from a web-admin interface from the internet without a password. That would give you access to ALL the data on that Netapp filer and in that cluster.

Can anyone say "vol delete vol0"

YIKES!

{K}