Thread ID: 32783 2003-04-28 05:37:00 That password stealing logger Susan B (19) Press F1
Post ID Timestamp Content User
139509 2003-04-28 05:37:00 That password stealing logger that Kame so kindly alerted us all to, are they very common? Has anyone else discovered other sites with them before? Obviously scrupulous sites will not use them, but now that I know they exist I plan to alert others of their existence so that they are able to watch out for them on similar homepages.

I have never come across such a thing before so That Incident was very enlightening. All the more reason why we need to have different passwords for different sites. Imagine how much fun someone could have by stealing from a user who had the same password for everything they did?

Just one more thing to watch out for when roaming the internet I suppose. Thanks for alerting us all to it, Kame.
Susan B (19)
139510 2003-04-28 05:45:00 I suppose as long as you stick to going to legitimate, safe, legal, and "clean" sites, you're usually safe.

Just don't visit sites which seem dodgy, or are faking as another site, and you should be fine.
somebody (208)
139511 2003-04-28 05:49:00 I've come across the script that Tim used on his site at www.rishabhdara.com - all you need to do for that is copy and paste the HTML into Notepad, change r_dara@hotmail.com to your email address - save it as "mysite.html" (you can change the mysite to anything - just keep the .html and the quote marks) and heck! One working fake version of hotmail which emails you with the passwords of your victims. cyberchuck (173)
139512 2003-04-28 05:55:00 > Just don't visit sites which seem dodgy, or are faking as another site,
> and you should be fine.
Not as easy as it seems I'm afraid... Who knew that Tim was doing that if it wasn't for Kame??? Anyway, there's nothing stopping me from putting a HOSTS file on my PC and running something like Xitami Personal WebServer and then faking the hotmail login screen to get my sister's password.
Of course I wouldn't do this or anything, but there's nothing stopping it from being implemented
cyberchuck (173)
139513 2003-04-28 06:02:00 I suggest you don't give people ideas :D somebody (208)
139514 2003-04-28 06:07:00 Well...

Nothing was stolen. :D Anyone who entered a name and a password did it voluntarily. That information was stored. It was stored by mailing it to an address. You should suspect any request for a user/password when you have not registered for some service which would require it. ;-)

When you register your name and password on the PressF1 site, it is stored. In this case it is stored on the same system as PressF1.

Some cases have been reported when people have put up pages mimicking the login page of real systems like AOL, Hotmail, etc, where name/password could be recorded for "further use", when real thefts could happen. For it to work, it needs some clever DNS trickery. I suppose the useful pages to mimic would be those for online banking. :D I'm not sure how you would detect this... maybe the certificate system for secure connections would give some protection, but unless the client software actually requires a particular certificate rather than "a valid certificate", "some" isn't much. But it isn't "easy" to get the false pages in place. I don't think Tim could do that. Criminal organisations could. The US Govt could. (Probably have :D)

I suppose if you haven't registered a usercode/password with something, you should be very suspicious of a request for a user/password. Especially if it's a personal Web page, which isn't really where you expect to have to log in.

It was a silly stunt of Tim's. It led to some more namecalling. Always a bad thing.
Graham L (2)
139515 2003-04-28 06:30:00 Thanks for that guys. I initially thought of warning The Girl as she would be more likely to come across a situation like this rather than me, but now that Graham has revealed other possible scenarios I will be keeping my own eyes open wider - just in case. ;-)

> It was a silly stunt of Tim's. It led to some more namecalling. Always a bad thing.

I did not start this thread with the intention of discussing Tim.... at all.
All I am interested in is the password logging business. Please keep Tim right out of this thread.
Susan B (19)
139516 2003-04-28 06:32:00 > For it to work, it needs some clever DNS trickery. I suppose the useful
> pages to mimic would be those for online banking

Not necessarily. I'm reminded of someone who set up a website saying that Bill Clinton had been assassinated. He set it up to look like the official CNN Website and then emailed it to all their friends and so on it spread. This works because Internet Browsers treat @ symbols the same way as email clients!

For example (this is coming from a Geoff Palmer article from PCWorld) - what's the difference between:
www.pressf1.co.nz (http://www.pressf1.co.nz) and
www.cnn.com
The URL and the @ symbol.. Forget the URL at the moment - it's the @ symbol that's important. As any dedicated PF1 member should know - 210.48.100.45 is the IP Address of PressF1 - so the Internet Browser ignores the beginning of the site and goes straight to 210.48.100.45


CyberChuck
cyberchuck (173)
139517 2003-04-28 06:36:00 ARGH..
Why's this stupid thing not working??
cyberchuck (173)
139518 2003-04-28 06:42:00 Okay
Got it working now...
Replace the above urls with:
www.pressf1.co.nz
and www.google.com@pressf1.co.nz

It appears that it only wants to work should the @ symbol immediately follow the domain!
cyberchuck (173)
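
Added example (not part of any post in this thread): a link check for the "@" behaviour discussed in the posts above. It parses each link the way a browser does and reports the host that is actually contacted, flagging links where the text before the "@" is shaped like another site's hostname. The function names and the sample links are assumptions made for this illustration; the samples are constructed from names that appear in the posts.

```javascript
// Added example (not from the thread): flag links whose userinfo part, the
// text before "@", is dressed up to look like a different site's hostname.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i; // e.g. www.google.com
const IPV4 = /^\d{1,3}(?:\.\d{1,3}){3}$/;

function inspectLink(raw) {
  // Links pasted without a scheme are treated as http, as a browser
  // address bar would treat them.
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw) ? raw : "http://" + raw;
  try {
    const url = new URL(withScheme);
    const shownBeforeAt = decodeURIComponent(url.username);
    const reasons = [];
    if (url.username || url.password) reasons.push("has-userinfo");
    // A hostname-shaped username that differs from the real host is the lure.
    if (HOSTLIKE.test(shownBeforeAt) && shownBeforeAt.toLowerCase() !== url.hostname) {
      reasons.push("userinfo-looks-like-other-host");
    }
    // A bare IP address hides which site the link really belongs to.
    if (IPV4.test(url.hostname)) reasons.push("ip-literal-host");
    return { raw, shownBeforeAt, realHost: url.hostname, reasons, suspicious: reasons.length > 0 };
  } catch (err) {
    // Unparseable or badly percent-encoded links are not worth trusting either.
    return { raw, shownBeforeAt: "", realHost: null, reasons: ["unparseable"], suspicious: true };
  }
}

// Constructed sample links, built from names that appear in the posts above.
const SAMPLE_LINKS = [
  "www.pressf1.co.nz",
  "www.google.com@pressf1.co.nz",
  "http://www.cnn.com@210.48.100.45/",
  "http://alice@pressf1.co.nz/",
];

function auditLinks(links) {
  return links.map(inspectLink).filter((r) => r.suspicious);
}

for (const r of auditLinks(SAMPLE_LINKS)) {
  console.log(`${r.raw} -> real host ${r.realHost} [${r.reasons.join(", ")}]`);
}
```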