Type: Posts; User: Farmikol0t; Keyword(s):
April 8th, 2007, 04:38 PM
logged out, can still send and receive mail from the account via dontstealmysecrets. Tried it with numerous accounts.
by logging out.
by logging me out in the browser.
that's on their end....
April 7th, 2007, 01:58 AM
Thank you for your response and all of the colors.
Below are the answers to your questions:
I said: "works even after the logout occurs, which is seriously troubling"
you answered: "Only...
April 6th, 2007, 08:34 PM
works even after the logout occurs, which is seriously troubling.
appears to work for many (but not all) providers. does not work for gmail, but suspect this is intentional. works for a large...
April 6th, 2007, 06:17 PM
I have no idea. Given the extensive description previously provided, "take over" in this context means "take over the use of".
April 6th, 2007, 01:51 PM
2) "product X does that already"
3) "well, we could write that"
You are currently at #1. I wonder how long it will take you to get to #4.
April 6th, 2007, 01:49 PM
The name of the Windows program is dontstealmysecrets, the website is http://www.dontsteal.net.
I didn't post this earlier because it enables any Windows user (with a Backtrack CD and a compatible...
April 4th, 2007, 12:20 PM
You can send and receive email on all accounts. You can construct a new mail message and send it, and you can receive new email.
This works with other webmail providers.
I now believe that...
April 1st, 2007, 01:10 PM
None of the above fits. I can duplicate it, so it isn't #1. The provider's authentication is over SSL, and the cert is valid, so it isn't #2 or #3. It is not possible that it is #4.
March 30th, 2007, 02:14 PM
Not sure, an expired cookie wouldn't work for top webmail providers, so it appears to be something else.
Capturing traffic with Kismet. There is no AP in the laptop, just a wireless card not...
March 19th, 2007, 08:48 PM
Agreed - it's full control over the account.
Don't know but it works even on a logged-out account (i.e. any cookies presented would be expired so they shouldn't work).
View of any...
March 19th, 2007, 12:27 PM
I tried the procedure myself (obviously with my own accounts) over the weekend and there is a serious problem, it's endemic, and not for just one provider. The problem is present even with very...
March 16th, 2007, 11:08 PM
Web mail accounts where the password hash is encrypted via SSL.
It's a lot more than showing what was re-played, rather full access to the account was provided.
March 16th, 2007, 10:03 AM
Coworker showed me.
Neither. Talking about SSL encrypted hashes and authentication.
That's what I thought also, but what I thought and what you have stated above are incorrect. ...
March 13th, 2007, 09:26 AM
You didn't indicate whether it is spam or not. If it is, you can pretty much forget trying to figure out who sent it.
However, if it is from an unknown sender but it is a personalized message,...
March 12th, 2007, 09:24 PM
I guess because I saw it done.
What I saw was that the traffic was pulled out of the air using Kismet under the Backtrack Live CD booted on a laptop. The .dump file was saved to USB. The same...
March 12th, 2007, 01:20 PM
It's a playback of wireless traffic which provides access to any web mail account, and it appears to work even if the account password or hash is protected by SSL. I don't think it is an MITM attack...
March 8th, 2007, 07:25 PM
Only Rev A1 through J3, i.e. NOT the square ended card.
March 8th, 2007, 07:20 PM
Or install a second copy of XP (specify a different installation folder), boot that copy, install CA Anti-Virus (free for a year) and Defender, and run them to completion.
Hope this helps.
March 8th, 2007, 07:17 PM
What I'd like to know is - how do they continue to sell that product when it slows the machine down so much?
March 8th, 2007, 07:04 PM
I don't understand why it's possible to play back captured wireless traffic and get access to any web mail account. There seems to be some kind of fundamental flaw at work here.