Message-ID: <3118e6cd0909142211v721883c2pc6798c01fa9d15d8@mail.gmail.com>
Date: Tue, 15 Sep 2009 02:11:59 -0300
From: Augusto Pereyra <aepereyra@...il.com>
To: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Hack-Mail.net or similar site

I think this service is fake.

To make a portal like this, you only need a PHP form with the
following fields: Account to Hack, Account to send password

Some client fills in this form, and three days later the server sends a
spoofed mail acting like they have the password of the account
requested in the previous form. When the client puts his faith in this kind
of cheat, he pays the cash, and maybe some kind of trash is sent to his
account.

When the client is cheated, it is too late. Now the owners of the site
have his 20 bucks.

I tested it, and the mail doesn't come from a Yahoo server. The
mail comes from bebobox.com

My English sucks! Sorry

On Mon, Sep 14, 2009 at 7:43 PM, maxigas <maxigas@...rgeek.net> wrote:
> From: mamo <mamo74@...il.com>
> Subject: Re: [Full-disclosure] Hack-Mail.net or similar site
> Date: Mon, 14 Sep 2009 23:20:24 +0200
>
>> On Sat, Sep 12, 2009 at 7:08 PM, Andrew Farmer <andfarm@...il.com> wrote:
>>>
>>> So, in other words, they're spoofing From addresses for profit. Clever.
>>
>> I never tried them. I will just for fun (with my email address).
>> Perhaps they are doing something more smart (like brute forcing with
>> dictionary, use some virus or web attack or something else).
>>
>> Mamo
>
> tell us how it went, my guess was also that they are just setting that from= address and that's
> it, so you don't get a working password after all.  but i have no 20$ to test it.  :f
>
> maxigas
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
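
The origin check mentioned in this message (the mail claimed one provider but was relayed by another host), as an added example that is not part of the original thread: it compares the visible From domain with the relay recorded by the recipient's own MTA and with the Return-Path. The sample headers, all host names, and the function names are constructed for illustration, and the Received layout is assumed to be Postfix-style.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (reserved example domains, documentation IP).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.10])
\tby mx.recipient.example with ESMTP id 4F2A1;
\tTue, 15 Sep 2009 01:00:00 -0300
From: "Account Support" <support@webmail.example.com>
To: user@recipient.example
Subject: Requested password

(body omitted)
"""

# Assumed Postfix-style layout: "from HELO (reverse-dns [ip]) by ...".
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def domain_of(header_value):
    """Lowercased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def check_origin(raw_message):
    """Compare the visible From domain with the relay and envelope sender."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    # Only the topmost Received header was written by the recipient's own
    # MTA; every header below it arrived with the message and may be forged.
    received = msg.get_all("Received") or [""]
    m = RECEIVED_RE.search(" ".join(received[0].split()))
    relay_host, relay_ip = (m.group(2), m.group(3)) if m else ("", "")
    return_path = domain_of(msg["Return-Path"])
    return {
        "from_domain": from_domain,
        "relay_host": relay_host,
        "relay_ip": relay_ip,
        "relay_matches_from": same_org(relay_host, from_domain),
        "return_path_matches_from": same_org(return_path, from_domain),
    }
```

A mismatch is a heuristic only, since legitimate bulk senders also relay through third-party hosts; where the receiving server records SPF, DKIM and DMARC results, those are the stronger signal.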
