Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34

Thread: How do I hack Hotmail, AOL etc?

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    How do I hack Hotmail, AOL etc?

    Subtitle: Wireless Oakland is piloting and I need to warn my users....

    Since I use very few of the "free" email services, (Hotmail, AOL, etc.), Instant Messengers, (Yahoo, MSN etc.), I want to check my facts about the transmission forms of these systems which are the predominant vehicles of communication for many.

    My questions are:-

    1. Do any of the standard "free" email systems generally encrypt their transmissions "out of the box" of are they simply an HTTP transfer in clear text.

    2. Which of the "free" email systems come "out of the box" with unencrypted logins?

    3. Which of the "free" email systems allow you to "upgrade" to a secure login but then revert back to "in clear" HTTP?

    4. Which of the "free" email systems allow you to switch everything to an encrypted connection for all transactions and remember it for every time you connect?

    5. Can you answer the same questions for the common IM programs that everyone's kids use?

    6. Can you list any other concerns regarding "in clear transmissions" over a public wireless network that the general users would fall foul of that will really scare the BeJabers out of them....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    5. I do not know about login sessions, but all chats are clear text unless you specifically set up AIM to be encrypted. MSN and Yahoo don't have any first party encryption, but there are 3rd party tools, only problem being both sides of the conversation must be using the software.
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.

  3. #3
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    2. Which of the "free" email systems come "out of the box" with unencrypted logins?
    Both yahoo and hotmail/msn mail, out of the box, sign in is unencrypted. They both offer a higher level of secure login using SSL. This is an option available at the login prompt but I do know where your going with this.

    See attached screeny.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #4
    1. I know traditionally they caught a lot of heat for not having encrypted login sessions. I just tried to hit up my ancient aol account via web and got the https connection.

    6. You may want to let your users know that a link in a chat program is as dangerous or more so than one on a webpage. The chat programs normally have some FTP service built in and can cause some major issues.



    Cheers,

    The_Captain
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Grunt: Thanks...

    Jinx: Ya... Cool... But then they revert to in clear transmission of the mail itself so I can sniff it and read their mail right.... Stalking anyone...

    Captain: Okay, but does it go back to HTTP after that. Thanks for the file transfer heads up - I forgot about that one.... MITM comes to mind too....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    I looked into this a while back for hotmail/msn and I'm pretty sure that the login is encrypted with SSL. The main page isn't, but the credentials aren't sent until the https session is established. I'll load it up on a machine with ethereal later on tonight and check again.

  7. #7
    Yes, as soon as I logged it my mailbox and everything were back in http.

    I then tried the little used AIM Express which I would normally think is a really bad idea, it's basically a web version of AIM. Using netstat I saw it was connected with http after a secure login, but it does not give the file transfer capability of normal AIM.
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I know I've been over this before, (search for Kurt Hack here on AO), but this is going to be a real mess isn't it?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    I just did a search and read the wireless plan. Please tell me they're not still going ahead with that?

    Never mind, i guess that's the point of this thread. I would just tell the wireless users they're screwed. Do they have any plan for bleedover into businesses?
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It's piloting soon in several communities in Oakland County.... I recently moved to Macomb county...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •