lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <41011d980608150053w5ca60a3fq1660246e7babfe95@mail.gmail.com>
Date: Tue, 15 Aug 2006 13:23:55 +0530
From: "crazy frog crazy frog" <i.m.crazy.frog@...il.com>
To: nick@...us-l.demon.co.uk
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Yahoo/Geocities possible exploit/vulnerability

yeah,
if some one has ur friends id and password he can send you such
message then u will enter ur password and it goes to ur friends and
continue........
-CF
-----------------------------------------
http://www.secgeeks.com
-----------------------------------------

On 8/15/06, Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> Jain, Siddhartha wrote:
>
> > The phishing apart, how can a userid be spoofed on Yahoo Messenger? Is
> > this something trivial? I thought Yahoo fixed the issue with Y!Messenger
> > 5.0.
>
> Ummmm -- unless I'm missing something here (and as I've already said
> I'm NOT a YIM expert), in any system (like YIM) that only does user
> identification through a username-and-password-style login, if someone
> knows your username and password, then that someone _is_ you as far as
> said system is concerned.  Of course, the phishers (or their bots)
> behind this scam are not really you, but YIM doesn't know that, so to
> YIM there is no spoofing -- when the phisher/bot did a YIM login with
> your credentials, as far as YIM was concerned, _you_ were logging in...
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
 another wannabe, in hackerland!!!"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ