lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3a166c090604051059l39c0fcbfk42c3c9ca523e74d0@mail.gmail.com>
Date: Wed Apr  5 19:00:11 2006
From: n3td3v at gmail.com (n3td3v)
Subject: obtai an IP of an MSN Messenger contact

If you want the IP of a user on Yahoo Messenger, all you do is add a user to
your list with social engineering techniques, then you listen on port 5101
and send the victim a normal instant message. Yahoo compromises security in
that way by attempting to establish a peer to peer connection between
consumer clients, to save on server useage. Yahoo don't care how easy it is
to obtain a users IP by simply sending someone an instant message. Yahoo say
the fact you need to add each other to a friends list first is good enough
security to protect its users.

On Yahoo messenger you don't even need to send a file like the kiddie
xyperpix suggested.

And the reason I bring up Yahoo messenger in a msn messenger thread? Because
both are abotu to link networks, so you can have cross network
compatibility,

Hackers are standing by as are phishers this Summer for the functionality to
be launched. This will make for a very interesting summer, because for years
the Yahoo messenger protocol has been easy as chips to hack, to obtain
cookies, disconnect users from the network etc.

And of course Yahoo tried to lock out third party connections from robots
using their network for worms, spam, phishing, although the encryption
technique they tried to use was reverse engineered and within two days of
Yahoo launching their handshake security stuff, the encryption was cracked,
and the robots returned, along with third party chat clients.

Its going to be a busy summer.

Get ready.




On 4/5/06, Technocrat <dj.technocrat.listmail@...il.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> xyberpix wrote:
> > If he's online, send him a file, as you're sending the file, do an
> > netstat -an, and you should see the address that you're transferring to.
> > That is so long as he's not using a proxy ;-)
>
> X, don't feed the children..lol He could have found that with a Google
> search man..lol
>
> This one is for Guidoz - http://www.guidoz.com/tryhere.jpg
>
> Ian, hope you played a great trick on your "friend".
>
> - -Technocrat
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFEMwUtYes14KNcgbYRAnHLAKChCbSM8zlN1xOdd1SqKi83TfVLQQCgjhcN
> ODJx4+0qDh/s2E6GVTRP2Pc=
> =t1yH
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060405/1a4d55f5/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ