'I Love Messenger' flaw
Jun. 14, 2005, 01:04 AM
Post: #1
 
http://www.net-force.nl/files/articles/hotmail_Deads/

Curiously enough, Proxomitron is used in the method Cheers
Jun. 14, 2005, 02:02 AM
Post: #2
 
Kye-U Wrote: Curiously enough, Proxomitron is used in the method Cheers
How unfortunate, IMO...
I wouldn't exactly call that article "positive publicity" for Proxo...

I can see it now, "wanna be hackers" lining up hand over fist, stepping on each other's toes, battling to be first in line... All to grab the 'latest craze' in "hacking" - the Proxomitron...

A shame! Sure, Proxo can fake cookies...
But I for one certainly do not want Proxo to become the 'King of Hotmail Hacking'...



But all that aside - I personally see no Hotmail flaw here...
In order for Proxo to fake that Hotmail cookie, the contents of that cookie must be known first and foremost...

So just how were those contents obtained?

Directly from the computer that the Hotmail user last logged in on?
IF you have physical access to said computer, why are you seeking a means to hack said Hotmail account? JUST USE THAT COMPUTER, duh!


FYI - me and my brother actually use our Hotmail accounts as a GAME...
We go to Hotmail, tell it we forgot our passwords, then we use the "security question" that is set up to 'remind' the "real" user of the password... IF we, my brother and I, "know" each other well enough, then we are IN... currently, I'm winning... but he's only one behind on the scoreboard... a nail biter, this one can go into overtime...
Jun. 14, 2005, 02:50 AM
Post: #3
 
The victim clicks on a link to a page that is a PHP script that logs their Hotmail cookie.

You then use Proxomitron and enter that cookie in a header filter and then go to Hotmail.com to access their account (taking in mind that they haven't signed out, or the session didn't expire).

I agree that this is bad publicity for Proxomitron Sad

That Hotmail Secret Question game sounds fun Eyes Closed Smile
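The caveat in post #3 (the copied cookie only works while the user has not signed out and the session has not expired) is the control the server side owns. As an added example, not part of the thread and not Hotmail's code: a minimal server-side session table in Python, with hypothetical names (`SessionStore`, `replay_outcomes`) and an assumed 15-minute idle timeout, showing that a copied cookie value is rejected after sign-out or idle expiry.

```python
import secrets

IDLE_TIMEOUT = 15 * 60  # seconds; assumed policy value, not from the thread


class SessionStore:
    """Server-side session table: the cookie is only an opaque lookup key."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # token -> {"user": str, "last_seen": float}

    def login(self, user, now):
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = {"user": user, "last_seen": now}
        return token

    def validate(self, token, now):
        """Return the user for a live session, else None."""
        record = self._sessions.get(token)
        if record is None:
            return None  # unknown or already revoked
        if now - record["last_seen"] > self.idle_timeout:
            del self._sessions[token]  # expire on the server, not just in the browser
            return None
        record["last_seen"] = now
        return record["user"]

    def logout(self, token):
        # Sign-out deletes the server-side record, so every copy of the
        # cookie value becomes useless at once.
        self._sessions.pop(token, None)


def replay_outcomes():
    """Present a copied cookie value while live, after sign-out, after idling."""
    store = SessionStore()
    t0 = 1_000_000.0  # constructed timestamps
    cookie = store.login("alice", t0)
    copied = cookie  # second client presenting the same value
    while_live = store.validate(copied, t0 + 60)
    store.logout(cookie)
    after_logout = store.validate(copied, t0 + 120)

    cookie2 = store.login("alice", t0)
    after_idle = store.validate(cookie2, t0 + IDLE_TIMEOUT + 1)
    return while_live, after_logout, after_idle
```
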
Jun. 14, 2005, 12:37 PM
Post: #4
 
Kye-U Wrote: The victim clicks on a link...
No offense to any 'random clickers' in here, but ANYONE that unconsciously clicks on ANY link within an e-mail is only asking for trouble...

Personally, and "don't hate me 'cause I'm beautiful" Big Teeth, but such 'unconscious clickers' GET WHAT THEY DESERVE, in my opinion... (okay, my opinion isn't that harsh, but you catch my drift...)


edit: okay, after re-reading, that wording does sound a bit harsh... the point is, NEVER CLICK ON A LINK WITHIN AN E-MAIL THAT IS "SUSPICIOUS"!!! Um, hello, how hard can it be to control your trigger finger?
Jun. 15, 2005, 07:12 AM
Post: #5
 
ProxRocks;

The trouble here is, you're preaching to the choir! Wink We know better, but we don't have the ear of the general run-of-the-mill clown who has enough money to buy a computer, but if brains were dynamite, he wouldn't have enough power to catch his kleenex on fire when he sneezed! Sad

Guys, a couple of points to keep in mind.....

Just because someone uses a good product in a bad way doesn't mean that the product has suddenly gone bad. (Think automobile here.)

You do have to be a wee bit sophisticated to be able to use this "feature" correctly. Unless some * programmer has given the skript kiddies a batch file that will assemble all the pieces automatically, then the chances of hordes of little pimple-faced bastids doing this on a massive basis are indeed small.

If you use Hotmail, then your privacy was compromised the moment you signed up. Sorry, but that's just the way it is. Even if you faked everything, your habits and patterns are still recorded, along with your IP. Eventually, all the pieces will be put together, if they haven't been already.

There ain't no such thing as bad press!!!! If this brings a flock of people running to the Proxo camp, then all the better for everyone. We might get a flurry of sign-ups for awhile, and no few moronic questions about how to fake a cookie, etc., but we'll still have a bigger base of members, once this thing takes off.

Finally, how are "they" gonna make everyone stop using Proxo, just because it can be used in some nefarious way? (Think automobile again.) Nah, Kye-U and the UOPF is here to stay, take my word for it. :P

Cheers


Oddysey

I'm no longer in the rat race - the rats won't have me!
Jun. 15, 2005, 01:53 PM
Post: #6
 
Oddysey Wrote: Kye-U and the UOPF is here to stay, take my word for it. :P

Cheers


Oddysey
Let's hope so, given the latest DNS problems and the recent lack of participation due to said DNS problems...

Correct me if I'm wrong, but there's only been like five or so of us in here over the last couple of weeks - us "die hards" just won't die...
Jun. 18, 2005, 05:59 AM
Post: #7
 
ProxRocks;
Quote:.....us "die hards" just won't die...
Hi, I'm Bruce Willis. Did I just hear my name called?

[lol]


Oddysey

I'm no longer in the rat race - the rats won't have me!