Open Source and information security mailing list archives
 
Date: Tue, 16 Jan 2007 09:59:06 -0000
From: "Tom Harrison" <Tom.Harrison@...is.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: marc's list getting bigger, grab while you can

PEBKAC, as usual. 

There was a spoofed login page at http://www.marcolano.com/login/
(Googlecache vers:
http://64.233.183.104/search?q=cache:u2RtwlpBqFcJ:www.marcolano.com/login/+inurl:marcolano&hl=en&gl=uk&ct=clnk&cd=2)
that was identical to the myspace login page. My guess is that he's
bounced people to it either from his "funny" Tom Cruise joke page,
http://www.marcolano.com/funny/comic_tomcruise.html, which seems to be a
good bit of viral memeing, or the Marc Olano Editor (linked
(googlecache) from here:
http://64.233.183.104/search?q=cache:AT_1eXGvYf8J:profile.myspace.com/index.cfm%3Ffuseaction%3Duser.viewprofile%26friendID%3D19262067+marc+olano+editor+myspace&hl=en&gl=uk&ct=clnk&cd=1)
which looks to be a layout creator for myspace pages.

Either one would keep within his target demographic of myspace users,
though the Tom Cruise one less so.

Though I admit I have no idea what
"fuseaction=mail.inbox&Mytoken=C4A2B3AF-1320-5CEA-FA0C50BA36B0519742182575"
does, one of the hidden inputs in his spoofed login page.

That's from some relatively lo-fi google-fu, a look at the domain gives
registration info that's probably relatively current. Maybe someone
should call him and ask :)?

Tom

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Deepan
Sent: 16 January 2007 06:31
To: Emma Perdue
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] marc's list getting bigger, grab while
you can

On Mon, 2007-01-15 at 12:49 +0000, Emma Perdue wrote:
> 56000+ myspace accounts (hotmail, yahoo, gmail credentials are bonus)
> 
> http://www.marcolano.com/login/myspace.txt

Can you give details about the bugs in myspace that you used to hijack
the credentials?
Thanks
Deepan 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
