Hotmail Hacking Threat

Printable View

Show 40 post(s) from this thread on one page

May 10th, 2003, 05:36 PM
PakiBlue

yes the sending password back method...

check out the recent flaw fixed some two days ago...

http://pakiblues.proboards9.com/inde...num=1052475266

- yes, there's a method to mail someone with the script (vbscript). when the victim opens the HTML based email, it executes the scripts which eventually sends the password back to the attacker. But I feel that one has to store the password on his computer through MSN msger to get hacked that way. Anyway, that has been fixed, but I feel this method can still work.
- fake login screen were also very popular. attacker just creat a fake login screen somewhere on the net and send the victim an email with the script which can direct the mail page to fake login page asking that 'session expired, login again' type of message and a hotmail look. easy haan?
- trojans/backdoord and keyloggers are some other possible method but required some social engineering. bind with some other exe and send it to the victim...
etc etc etc...
May 11th, 2003, 01:20 PM
prayer

Whats the point in hacking hotmail anywasy the risk is 2 high. The amount of gohsts they have on the server is unbeliable, and it verry unlikly that u wont get cought. So whoever is doin it i advise u not 2.

-Å-Şıľēŉćęđ-Mŏŋĸ
May 16th, 2003, 10:14 PM
sectac

uhhh

no one who "hacks" an hotmail account is hacking the hotmail server. Someones hotmail account could be worthwhile if it was his passport login with his CC info. But no one would have any reason to hack the hotmail server. Who cares about penis enlargment, why would you go after it anyway =p. Its a keylogger, a trojan, a script. Or the person is acting stupid
May 16th, 2003, 10:42 PM
er0k

Quote:

Originally posted here by MsMittens
Ya. That's one way. Social engineering into convincing a user that they need to send their password or something. Never send passwords via email even if it's the ISP/host asks for it. If it's the host they should have high enough admin access to go in if they truly need to.

Another way would be using a tool like ettercap, which collects passwords as they travel past on a network.

yet another thread to where you mention ettercap, why not make a shrine of it in your signature :P ::hide-beh
May 16th, 2003, 11:30 PM
Robdav007

Has anybody got a password list, or know of a brute forcer that can access acounts for hotmail, will be usefull as a favour for a friend.

Thanks in advance,

Robert
May 16th, 2003, 11:45 PM
jaxxofdeath

the person could have used a recent flaw on hotmail i am afraid to put the bugtraq link though because i might be banned but i am putting it anyway http://www.securityfocus.com/archive/1/320806
June 1st, 2003, 09:09 PM
codergish

My msn acount has been recently cracked, yesterday to be exact. And is really sucks. Any suggestions on what i can do, does Microsoft care at all?

:mad:
June 2nd, 2003, 06:00 AM
oso_1_

when you log into hotmail there is an option telling msn that your on a public computer
that way it wont send any info to the computer

Show 40 post(s) from this thread on one page