lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <5AF01744-5B11-4E0B-A8EF-73B2054C237C@digitalmunition.com>
Date: Fri, 23 Mar 2007 10:21:45 -0400
From: "Kevin Finisterre (lists)" <kf_lists@...italmunition.com>
To: richfa1@....com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: XBOX ID's being Jacked

There are lots of folks that mention obtaining the IP in order to  
hack your account. They usually say they have done this with Cain and  
Able or Commview or any other sniffer out there. You IP can be easily  
obtained by the usual standby groups or bridgers....  The only reason  
they want your IP is because that can buy them ONE piece of  
information. In some cases if you have paid for the proper program  
you can get an address and GPS coordinates for an IP. In most cases  
the address will be that of your neighborhood router or something  
like that.

I just wanted to clear this up as there appears to be some confusion  
over what the IP address has to do with prextexing Microsoft XBL  
employees.

You can try something like this...

http://www.melissadata.com/lookups/iplocation.asp? 
ipaddress=209.11.233.26

and get something back like this

IP Address 209.11.233.26

City FINDLAY

State or Region OHIO

Country UNITED STATES

ISP CENTRACOMM COMMUNICATIONS.

This may be JUST enough info to trick a dumb employee



-KF


On Mar 22, 2007, at 7:21 PM, richfa1@....com wrote:

> Kevin,
>
> My son's Xbox Live ID was jacked by "Brad" of the o Infamous o  
> Clan. It happened in such a short amount of time that I don't feel  
> that it was a case of Social Engineering. I did some research and  
> came up with a way to do it using your Xbox, with Action Replay and  
> a memory card, and the DVD of the game Splinter Cell, your PC  
> Kernal IP Logger and an FTP program. It seems that the DVD has a  
> copy of Linux on it that you use to help get the person's gamertag  
> by using that person's IP address.
>
> I found the steps to do it on a message board. However, by the time  
> I got to it, the message board admin had edited it and then also  
> closed the thread. I think that the social engingineering angle is  
> only a small percentage of the ID thefts. I have a feeling that the  
> technical way is more likely how the majority of IDs are stolen.
>
> Rich
> AOL now offers free email to everyone. Find out more about what's  
> free from AOL at AOL.com.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ