lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 1 Jun 2011 17:05:45 +0000
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: SecurityXploded Group <contact@...urityxploded.com>, Full Disclosure
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: MSN Live Password Decryptor v2.0 is Released

You know, I've basically ignored the triviality of your tools (and the spamming of this list) in the past because I figure you've got as much right as anyone else to publish whatever tools you want.  I've published lame tools myself. 

But when you try to present this crap as "Exposing the Password Secrets of MSN," it's just too much.  CrypteProtectData and CryptUnprotectData are documented API calls to encrypt and decrypt blob data - to decrypt, you must be logged in as the same user who encrypted data, and you must be on the same computer, as keys change per user, per computer.   It's simple, basic crypto. 

This very well may have some interest to beginners on Security Basics, but continuing to spam FD with your jazz hands dance just makes you look amateurs who don't understand what security is.

t 

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-
> bounces@...ts.grok.org.uk] On Behalf Of SecurityXploded Group
> Sent: Wednesday, June 01, 2011 5:37 AM
> To: Full Disclosure
> Subject: [Full-disclosure] MSN Live Password Decryptor v2.0 is Released
> 
> Hi all,
> 
> 
> MSNLivePasswordDecryptor is the FREE software to instantly recover
> MSN/Hotmail/Windows Live Messenger passwords stored by applications
> such as MSN, Windows Live Messenger, Hotmail, web browsers and other
> messengers.
> 
> It has both GUI as well as command-line interface making it useful for Pen
> testers & forensic folks.
> 
> Find more details here,
> http://securityxploded.com/msn-live-password-decryptor.php
> 
> If you are curious to know how it decrypts the 'Windows Live' password
> secrets with complete CODE sample, check out our research article,
> "Exposing the Password Secrets of MSN/Windows Live Messenger"
> http://securityxploded.com/msn-live-messenger-password-secrets.php
> 
> 
> --
> - SecurityXploded
> An Infosec Research & Development Portal
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ