| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Apr 5 19:00:11 2006 From: n3td3v at gmail.com (n3td3v) Subject: obtai an IP of an MSN Messenger contact If you want the IP of a user on Yahoo Messenger, all you do is add a user to your list with social engineering techniques, then you listen on port 5101 and send the victim a normal instant message. Yahoo compromises security in that way by attempting to establish a peer to peer connection between consumer clients, to save on server useage. Yahoo don't care how easy it is to obtain a users IP by simply sending someone an instant message. Yahoo say the fact you need to add each other to a friends list first is good enough security to protect its users. On Yahoo messenger you don't even need to send a file like the kiddie xyperpix suggested. And the reason I bring up Yahoo messenger in a msn messenger thread? Because both are abotu to link networks, so you can have cross network compatibility, Hackers are standing by as are phishers this Summer for the functionality to be launched. This will make for a very interesting summer, because for years the Yahoo messenger protocol has been easy as chips to hack, to obtain cookies, disconnect users from the network etc. And of course Yahoo tried to lock out third party connections from robots using their network for worms, spam, phishing, although the encryption technique they tried to use was reverse engineered and within two days of Yahoo launching their handshake security stuff, the encryption was cracked, and the robots returned, along with third party chat clients. Its going to be a busy summer. Get ready. On 4/5/06, Technocrat <dj.technocrat.listmail@...il.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > xyberpix wrote: > > If he's online, send him a file, as you're sending the file, do an > > netstat -an, and you should see the address that you're transferring to. > > That is so long as he's not using a proxy ;-) > > X, don't feed the children..lol He could have found that with a Google > search man..lol > > This one is for Guidoz - http://www.guidoz.com/tryhere.jpg > > Ian, hope you played a great trick on your "friend". > > - -Technocrat > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFEMwUtYes14KNcgbYRAnHLAKChCbSM8zlN1xOdd1SqKi83TfVLQQCgjhcN > ODJx4+0qDh/s2E6GVTRP2Pc= > =t1yH > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060405/1a4d55f5/attachment.html
Powered by blists - more mailing lists