| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 32783 | 2003-04-28 05:37:00 | That password stealing logger | Susan B (19) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 139519 | 2003-04-28 07:26:00 | Well, there were victims that fell suspect to something similar a while ago. An email was sent out to many random people, posing to be from Westpac. It told them that they needed to login to the Internet Banking section and change their password. If you weren't a Westpac customer, you would've ignored it, and if you're smart, informed Westpac about it. However, many people fell for the fake email, visited an exact replica site, and "logged in", giving the perpetrators their username and password, allowing criminals to get money. However, my point of posting, is that even someone like me can create a replica of Hotmail, and, running IIS or PWS, capture peoples passwords. I never used it, but you wouldn't have been able to tell the difference (aside from the fact that links only worked one page deep {I created it by hand, didn't know about things like Backstreet Browser}) between that and Hotmail if I'd just changed the HOSTS file on your computer. Of course, Hotmail has changed their site, and I've long since deleted the pages involved (never uploaded it, just wanted to see if I could do it). If you trust my word, then you are very good, because I never captured anybody's passwords, and in actual fact, it was *********** who wanted to use it, but we won't go there now. |
agent (30) | ||
| 139520 | 2003-04-28 08:45:00 | www.cnn.com@210.48.100.45 would probably work better :) Mike. |
Mike (15) | ||
| 139521 | 2003-04-28 09:30:00 | Cyber> www.cnn.com@210.48.100.45 > ead=34235 would probably work better :) > > Mike. Jeez man... Rub it in my face why don't ya?? :( Just prove my stupidity to the rest of the forum... :'( Anyway, Thanks for that! :D CyberChuck |
cyberchuck (173) | ||
| 139522 | 2003-04-28 10:07:00 | I'm disappointed in you guys, you criticise Tim for using password-capturing code, then you indulge in a supposedly "academic" dicussion on how you could do it better. Despite occasional protestations to the contrary, a few frequenters of PF1 do indulge in *cough* dubious computing practices, but they don't sing about it quite as loudly and there is definitely less malice in their actions. They usually show their interest only when attempting to help somebody out. I was too charitable by halves, some of you are not a lot different to Tim, he just got found out, but you guys seem hell-bent on spreading the technology wider. Don't try to kid yourselves that this is just an academic discussion either, it is a "look at me, I can do it better" exercise, but all the more destructive because you are setting an appalling example to any impressionable young computer enthusiast who may read your efforts and follow the links you post. IMHO Bruce ought to kill this thread too, and delete the content. Shame Billy :( [b][pre]Yeah yeah, I know, I sound like the moral minority. |
Billy T (70) | ||
| 139523 | 2003-04-28 10:15:00 | > Cyber > > www.cnn.com@210.48.100.45 > > > ead=34235 would probably work better :) > > > > Mike. > Test?? |
cyberchuck (173) | ||
| 139524 | 2003-04-28 10:16:00 | > Cyber > > www.cnn.com@210.48.100.45 > > > ead=34235 would probably work better :) > > > > Mike. > > Jeez man... Rub it in my face why don't ya?? :( > Just prove my stupidity to the rest of the forum... > :'( > Anyway, Thanks for that! :D > > > CyberChuck |
cyberchuck (173) | ||
| 139525 | 2003-04-28 10:19:00 | That was extremly strange... How did I get Times New Roman Appearing up there ?:| |
cyberchuck (173) | ||
| 139526 | 2003-04-28 10:29:00 | > I'm disappointed in you guys, you criticise Tim for > using password-capturing code, then you indulge in a > supposedly "academic" dicussion on how you could do > it better. I'm not saying how it could be done better. I'm merely saying how it could be done.. Would you know if someone had edited your hosts file and you ended up submitting your personal information to a faked website?? Probably not - and neither would I - I'm just saying that it's possible to do that. Also, as for URL Spoofing - how can you get me for showing people when it's done when you can just type it into Google and it shows you all the answers you possibly need? I only know of URL Spoofing from a PCWorld Article which I read and took interest to... Due to peoples ignorance, they are unaware that they are actually submitted details to a spoofed site... That's what happened with Bill Clintons Assassination and CNN. Someone just copied the CNN Website, uploaded it to a webserver, changed the CNN URL to make it look really long and official and then emailed it out. Although discussing this sort of thing may be deemed bad, the basis remains - Without a disease you don't find the cure. Only when you understand the disease will a cure be found CyberChuck |
cyberchuck (173) | ||
| 139527 | 2003-04-28 23:01:00 | Yeah.. Its ignorance.. Of how things work.. and in this day and age, its not a good thing! I timed it not too long ago... give me around 60 seconds at a PC and I can have it logging every single key taken and emailing me the stats whenever the user connects.... I can also have the Dial-up password, while its installing.. (Provided they're running Win9x, as NT-Based systems dont work with Revelation). The thing is.. I found a hotmail spoof site (Courtesy of CyberChuck) and did a little digging around.. It wouldnt be too hard for any old Joe Bloggs (Or not so old in my case ;-)) to take it a little bit further, and rather than have a message come up saying thanks for the password mate, to rather have it emailed to EmailX@nowhere.com and then take them to their account! To be quite honest, its not terribly hard to get into things nowadays like that.. And thats probably not a good thing either! IMHO, its too easy for a spoofer to get ya details.. I could register hotmial.com and then do a bit of DNS editing etc... and have people coming to me from certain websites.. yadayadaya... but anyways.. When it comes down to it, people need ot know the URL of the place they're going too... even then, you can be re-directed somewhere else.. and popups everywhere.. Its just shocking! I remember about 6 years ago when we first got the Net, and in the first month, I only saw one popup! Now, I hate using IE coz I get flooded with the buggers.... Oh what has the world come to.. We are filled with popups/popunders... Well.. it could be worse ;-) |
Chilling_Silently (228) | ||
| 139528 | 2003-04-29 00:00:00 | I'm really disappointed by what both Cyber and Chilling have said. For a "friendly" community forum, these illegal acts should not have been explained in enough detail that anyone could attempt it. It'd be better if letting them know of the possibility but not to give a simple method to do this. This is what forms "script kiddies" and can lead onto more problems later on in life. This is the method to increase someone's curiosity and once mastered that they move onto something bigger. Ignorance is bliss for those who do these acts because they know the person they are attempting it on has not taken much consideration in keeping protected but what more, if explaining how to do this, explain how to correct this so you are not a victum of such acts. Do you know how to correct this? We are here to help people not make it worse for them. |
Kame (312) | ||
| 1 2 3 4 | |||||