I have just received an update, as of 7-20-03 of the newest way to hack Yahoo Mail. Let me know if anyone is interested.
Printable View
I have just received an update, as of 7-20-03 of the newest way to hack Yahoo Mail. Let me know if anyone is interested.
You have GOT to be SCRIPT KIDDING me.
*sigh*
Does that del command still hack yahoo accounts when you use it on your C drive?
I dont know about that. I just got an instant message, offline, that told of the new way.
I have only 4 letters for you.
RTFM
Well NO!Quote:
Let me know if anyone is interested.
But if you were to ask are we interested in how to protect our Yahoo accounts from this new idea.. We will be very interested..
Cheers
I'd have to agree with Und3ertak3r on this......
Wow instant death! On a more positive note, has anyone heard of any problems with Yahoo IM... any protection issues that need to be addressed?
Just wondering...
~AciD
Since the info came to him in an offline message it was probably trojan bait, still I am curious since I use Yahoo and Yahoo IM both on my desktop and cell phone???
yeah, i couldn't find anything about yahoo... except a local cookie vuln... that's it? i think roadclosed is right... prolly just pr0n or tr0jan?
Sometimes I wonder about stuff like this. At times I would love to just hear these people out and see what they say to be able to do research and see if it's BS or not. Actually I think I will email the guy and see if I get a responce, just so we can make something of it (possibly)
Just a thought...
~AciD
Quote:
Originally posted here by AciDriveHB
Actually I think I will email the guy and see if I get a responce, just so we can make something of it (possibly)
~AciD
Yes, I agree. I think it will be interesting playing around with that theory.
I can't wait to see haquer's definition of 'e-mail hacking'. LMAO
Edit: Revised this post to be a little more friendly. Sometimes I get steamed and use some pretty foul language. :-)
I find it disturbing that this guy got neg-ed to death for this post. This guy simply stated he was aware of a Yahoo vulnerability and was willing to share info if interested. He did not say something stupid like "I can teach you how to hack into Yahoo e-mail!". Some of you claim to have neg-ed him because you think he is lying. Well, since he got neg-ed to the point of being banning, I guess we'll never know.
I always consider security bugs in Yahoo (and other similar services) pretty serious. Considering that the service is so widely used, I think that anyone interested in computer security should find this issue interesting if nothing else. But instead of thinking that maybe there are people out there that consider this important, you neg the guy until he is banned. And let's face it. The only reason why is because he mentioned Yahoo instead of something else you people are interested in.
I guarantee that if the word "Yahoo" was replaced with "Slackware", he would have NEVER got neg-ed. Probably would have been given positive points for bringing it to the attention of everyone. Half the people here would want to know about it so they can patch their systems. But since it was Yahoo, he got neg-ed to death. That's pretty pathetic. Just because you don't use Yahoo, many others still do. There are people that use simple applications instead of dedicating their life to learning complex ones. There is nothing wrong with that. In fact if it wasn't for those people, many of you wouldn't have anything to brag about or to act all high and mighty about. Yet, you neg the guy until he is banned. For making a post that is in fact on topic. Yea, that's right, a security issue in Yahoo is still a computer security topic.
Maybe it should be specified up top of this site: "Computer Security WE FEEL is important". God forbid someone posts a security issue about an application you don't use.
Jared: You make a good point..... You probably didn't need to lob the insults around though. If Haquer had possession of a new exploit don't you think we'd also have heard about it though. This is the guy who also says he has an FTP site with longhorn on it.
In other circumstances your indignation would be appropriate, (when we know there is an exploit out there but the code is yet to be made public and someone comes on and says thay have it), but I do think that in this case you went a little off the deep end for someone who probably deserves the negs anyway.......
Just my 2c.....
I think it was exactly how he presented himself. He was saying he got an offline IM and that if anyone wanted to let him know. When exactly has anyone gotten any information from an offline message that was creditable when dealing with security? Especailly when it was that product? He gave us no information at all in who sent it, what it was about? I don't understand why he didn't post the message here in the tread?
Plus have you looked at this s thread?
Doesn't exactly sound like he was all up to par with our theme of not hacking and Warez and such.Quote:
Hello all. I just wanted to let you guys know that I have Windows Longhorn v.4015 on an ftp server. I am willing to deal and\or trade with some one for this operating system. I also have Windows 2003 Server. If anyone is interested, please either post here or email [email protected].
Just a thought...
~AciD
[edit] that's what I get for forgetting to hit the submit button [/edit]
I would also echo Jared's comments, though agree that Haquer should have presented his case/ideas a bit better were he wanting to be listened to, etc. Simply neg'ing people in to oblivion for mentioning hacks to Yahoo, Hotmail, AOL/AIM, Microsoft, or any of our other "favorite pieces of bugware" or such is, well... I don't exactly agree with it.
At the same time, I don't necessarily believe that "we'd simply know about it if it existed already" -- could be a Day 0 bug or something that's still in a pre-announcement phase that no one's mentioned... or still just a work-in-progress (though again, given the way the case was presented, more likely just a k00l d00d trying to get a response).
Guess I'll throw my own $0.02... FWIW... *shrug*
[edit]
And, yeah... just as AciDriveHB said, as our messages crossed in-flight... doesn't sound like this guy was "quite up to presenting his case" -- doesn't mean he didn't somehow have a line on something, but, well... *shrug*
But, if all spam were to be believed, I'd be filthy rich and my penis would be a few miles long by now, I think...
[/edit]
LOL you guys are making good points about not negging him. But the whole fact of the AP system to start with is the fact that we give them out when we don't like something. Haquer should have read the FAQ's of the site and actually "lurked" around and saw how we worked. Then maybe he would have been more informative about his information.
I think most of us go on gut feeling about newbies like this. And I would have to say 90% we are right about their intentions. Though we have a ton of newbies coming through here and such and don't get on their case unless we have reason. Personally I think we have a reason to be wonder what exactly Haquer was trying to get at.
I did send him an email, I also visited his website and sent him another email about it. So we will see if I get any responce.
~AciD
Yea, I use Yahoo, my son uses Yahoo, and my daughter uses Yahoo. I would have liked to know what he had to say. Well, maybe someone else will have that info. I hate to think we missed a chance to fix the problem. We could have been heros instead of Pac Men. On the other hand it could have be a trap. We have to wait and see, maybe.
Freddy
Fred Brown said:OK:Quote:
. We could have been heros instead of Pac Men
I doubt this is what the guy was talking about but i ran across an exploit at packstorm that allows a user to
like i said i doubt this is what the guys was talking about but here it is anyway.Quote:
Exploit for Yahoo Messenger, Yahoo Module that allows for remote command execution on a victim machine via bad URI handling. Requires the victim to view the html. Homepage: http://www.dtors.net/. By bob
Im so fed up with all this bull about email accounts getting "hacked" get over it.
If u do not like it then DONT use Email. hell Dont use the inter net, there is allways going to be some idiot out there thinking that he/she is all that just cos thay "hacked" an account.
Get over it, keep ur security high and change pass words regurlly tho simontainusly and dont do what the bank telles you "we recomend using to diffrent passwords and altering between the to". that is just idiousy. use a dif password every time and please nothing ovious.
thay are going to do it one way or enouther. so make it HARD for them in hopes thay will fail or give up.
If u dont like it then dont do it.
Nightfalls_Girl
Yes there will always be holes in security, that's just the way of life. I do not understand what you are so "fed up with" though? Did we do something to upset you with this post? And if so maybe next time you might be a little bit more polite about it rather than just throwing us an attitude. Your point is well made, but it seems like you are attacking us for simply wondering what haquer was trying to convay.
Just a thought...
~AciD
all the raggings been done already so ill just say, you really should of checked it out first. much harm has been done by a few that no one took seriously.
I cant beleive people are still coming in telling people they have "hacks", that 99.9% of the time dont work. Why do people even come here if they dont read the FAQS?
i think the AntiOnline attracts these people to think this site is like hackers.com or whatver crackers and script kiddies site .....i got one thing to say "im kinda drunk right now so all ScripT Kiddies and Cracker piss off and dont come back again until you have changed your path and are ready to secure your system and not hack someone elses back"
an offline instant message eh? What are all you and your friends talking over netsend... thats so cute.. next time invite me and ill bring the cookies and cake.Quote:
Originally posted here by haquer
I dont know about that. I just got an instant message, offline, that told of the new way.
On a serious note, why would you waste time trying to give out the information about how to "hack" (lmao) Yahoo mail whenever you could just be a REAL cracker and do it in stealth, instead of Yahoo actually getting cracked, searching around and finding out that someone on your ip had been at AO posting about this, "Well lets see he lives in texas, " etc etc.. why not just email Yahoo and say "Im going to do something totally stupid, so send the feds my way.."
I highly doubt that you can do any of this anyway, especially the netsend joke. But regards, i hope you read this even though you are banned. Haquers Inc. eh? meh.. i was right about the netsend thingy majiggy.
haquer> if you're reading this
ok ..since thefiend has blocked me from sendidn him PMs i'll just say it here..... am not bitching just giving my opinion and wondering why he negs people that much ...d00dz also told me that the fiend negs him without reason twice a weak ...so (NO i dont want to start another 86 reply discussion)....
Do you even know what your talking about here?
AP Poster: TheFiend
this was for the one post in here ....
SpidSh@d asked this Why do people even come here if they dont read the FAQS? ...
i gave SpidSh@d my opinion why Script Kiddies come here .... why The Fiend neg me ?... maybe because he is a Script Kiddie and i offfended him by sayin that ...
whats with folks supporting this guy, hes trying to sell subscrittions to his "security site", more over he obviously didn't read the site FAQ.
So his account was banned, so what its not like we killed him, he can come right back with a new name, and if he pays more attention he wont get banned again.
did i read that correctly???
in his second post, he said that he recieved an instant message offline?
man. this guy is special. maybe we *should* listen to him.
I think he meant he got a message from someone offline on yahoo messanger. ;)Quote:
Originally posted here by sickyourIT
did i read that correctly???
in his second post, he said that he recieved an instant message offline?
man. this guy is special. maybe we *should* listen to him.
No, HE wasn't online when the message was sent. When you sign into Yahoo you are displayed all the messages sent to you when you were off. Just to clear it out :)
ah, ive never used yahoo messenger... i signed up for it but never really used it..
hey, the pac man thing was COOL. Got more, got pacman?
Freddy
The starter of this thread was quickly banned. I find it amusing now because the thread is rated - extremely positive. :confused: LoL.
ya, well, go figure.
freddy
this is from some code dated 27-Jun-2003 :
* The shellcode used here...will not do anything malicious..just opens a popup box
* You can change this shellcode to something else...but the buffer is not very big
* so there is no chance of a bind shell or anything..simply because there is not
* enough space. Sloth from <somesite>.com has a shellcode that will download a file
* and execute it. Nice and small as well ;)
i imagine whatever it was was based on this and with a few week to work on it someone could have come up with a dangerous SK proggie
I wanted password of the following id
[email protected]
This is my Id and someone has hacked it.
Kalpesh, you will have to be more clear on what you want. None of us are able to get that password for you. By the way, this is a very old thread, you may want to ask for help be starting a new thread as long as it is a valid question and not "how do I haxor Yahoo".
Get your password here:
http://help.yahoo.com/help/us/edit/edit-20.html
or make a new account.
I suggest that you run some malware scans.
housecall.trendmicro.com
Maybe look over this-
http://www.antionline.com/attachment...&postid=768817