Search:

Type: Posts; User: Farmikol0t; Keyword(s):

Search: Search took 0.06 seconds.

  1. Replies
    55
    Views
    41,242

    logged out.

    logged out, can still send and receive mail from the account via dontstealmysecrets. Tried it with numerous accounts.

    by logging out.

    by logging me out in the browser.

    that's on their end....
  2. Replies
    55
    Views
    41,242

    nihil - ?

    Thank you for your response and all of the colors.

    Below are the answers to your questions:


    I said: "works even after the logout occurs, which is seriously troubling"

    you answered: "Only...
  3. Replies
    55
    Views
    41,242

    SSL is a waste of time on these providers

    works even after the logout occurs, which is seriously troubling.

    appears to work for many (but not all) providers. does not work for gmail, but suspect this is intentional. works for a large...
  4. Replies
    55
    Views
    41,242

    nihil

    I have no idea. Given the extensive description previously provided, "take over" in this context means "take over the use of".
  5. Replies
    55
    Views
    41,242

    nice

    Very nice.

    Marsbarz:

    1) denial
    2) "product X does that already"
    3) "well, we could write that"
    4) acceptance

    You are currently at #1. I wonder how long it will take you to get to #4.
  6. Replies
    55
    Views
    41,242

    dontstealmysecrets

    The name of the Windows program is dontstealmysecrets, the website is http://www.dontsteal.net.

    I didn't post this earlier because it enables any Windows user (with a Backtrack CD and a compatible...
  7. Replies
    55
    Views
    41,242

    yes to send and receive.

    You can send and receive email on all accounts. You can construct a new mail message and send it, and you can receive new email.

    This works with other webmail providers.

    I now believe that...
  8. Replies
    55
    Views
    41,242

    answers...

    None of the above fits. I can duplicate it, so it isn’t #1. The provider’s authentication is over SSL, and the cert is valid, so it isn’t #2 or #3. It is not possible that it is #4.


    The...
  9. Replies
    55
    Views
    41,242

    info...

    Not sure, an expired cookie wouldn't work for top webmail providers, so it appears to be something else.

    Capturing traffic with Kismet. There is no AP in the laptop, just a wireless card not...
  10. Replies
    55
    Views
    41,242

    Exploit / webmail

    Agreed - it's full control over the account.



    Don't know but it works even on a logged-out account (i.e. any cookies presented would be expired so they shouldn't work).



    View of any...
  11. Replies
    55
    Views
    41,242

    Doesn't make sense though...

    I tried the procedure myself (obviously with my own accounts) over the weekend and there is a serious problem, it's endemic, and not for just one provider. The problem is present even with very...
  12. Replies
    55
    Views
    41,242

    Replay...

    Web mail accounts where the password hash is encrypted via SSL.

    It's a lot more than showing what was re-played, rather full access to the account was provided.
  13. Replies
    55
    Views
    41,242

    replies...

    Coworker showed me.



    Neither. Talking about SSL encrypted hashes and authentication.



    That's what I thought also, but what I thought and what you have stated above are incorrect. ...
  14. Replies
    7
    Views
    7,071

    is it spam?

    You didn't indicate whether it is spam or not. If it is, you can pretty much forget trying to figure out who sent it.

    However, if it is from an unknown sender but it is a personalized message,...
  15. Replies
    55
    Views
    41,242

    saw it done

    I guess because I saw it done.

    What I saw was that the traffic was pulled out of the air using Kismet under the Backtrack Live CD booted on a laptop. The .dump file was saved to USB. The same...
  16. Replies
    55
    Views
    41,242

    ssl doesn't seem to matter

    It's a playback of wireless traffic which provides access to any web mail account, and it appears to work even if the account password or hash is protected by SSL. I don't think it is an MITM attack...
  17. Replies
    8
    Views
    20,525

    DWL-650

    Only Rev A1 through J3, i.e. NOT the square ended card.
  18. Replies
    32
    Views
    20,866

    Or install a second copy of XP (specify a...

    Or install a second copy of XP (specify a different installation folder), boot that copy, install CA Anti-Virus (free for a year) and Defender, and run them to completion.

    Hope this helps.
  19. Replies
    8
    Views
    7,247

    What I'd like to know is - how do they continue...

    What I'd like to know is - how do they continue to sell that product when it slows the machine down so much?
  20. Replies
    55
    Views
    41,242

    Playing back wireless traffic

    I don't understand why it's possible to play back captured wireless traffic and get access to any web mail account. There seems to be some kind of fundamental flaw at work here.
Results 1 to 20 of 20