-
October 5th, 2001, 05:45 PM
#21
Hmmm
I dont want to say "no" , because anything is possible...
Under normal circumstances I would probably say "no", but I guess someone could, I remember reading several articles along time ago about Micro$oft Office problems, where a website operator could post a certain kind of file (Dont remember what kind though ), and a visitor with Office & IE installed would unknowingly automatically download the file and execute it. The option to Auto-Download these file could be turned off and I think the vulnerability was patched.. So I guess the only way someone could do that is by expoiting some unknown vulnerability.
I wouldn't be worried about it though! (But if you are, use Netscape (IE is too buggy) with everything turned off (javascript, autoinstall, java, etc)
Simon Templer
\"Your work is to discover your world and then with all your heart give yourself to it. \"
-The Buddha
-
October 5th, 2001, 06:38 PM
#22
Member
ok,thanks simon
-
October 5th, 2001, 07:36 PM
#23
Member
The Nimda worm/virus/trojan used website corruption as a vector for infecting end users.....
see http://www.cert.org/advisories/CA-2001-26.html
excerpts:
"Browser Propagation
As part of the infection process, the Nimda worm modifies all web content files it finds (including, but not limited to, files with .htm, .html, and .asp extensions). As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby infecting the browsing system. "
Suggested Workaround (as Simon indicated above)
"Disable JavaScript
End-user systems can become infected with the Nimda worm by browsing web sites hosted by infected servers. This method of infection requires the use of JavaScript to be successful. Therefore, the CERT/CC recommends that end user systems disable JavaScript until all appropriate patches have been applied and anti-virus software has been updated. "
cheers
I\'m not a BOT I\'m a beer droid!
Prepare to be Assimilated.
-
October 6th, 2001, 01:02 AM
#24
Junior Member
Brute force is a real bitch to set up but once it's running it's one of the best crack progs around, same as CrAcKwHoRe..Although Ive used both succesfully, Ive never cracked a password that quickly. Sometimes it can take days.......even weeks! Especially when the password is alpha numeric as you stated. If you're positive he didnt use a keylogger than I take my hat off to this cracker and bow before him for he is a far greater man than I!
-
October 6th, 2001, 05:36 AM
#25
Re: Crackers
THe person who break into may be using a good cracker(working on the technique BRUTE FORCE), since few of my friends are doing this they can also crack any email password within 10-15 minutes i have tested there skills on hotmail, yahoo, lycos. They were two quick to break it (7-8 min) , i used alphanumeric password.
A single person can crack a password with the tool that my friends have developed in atleast 45-50 minutes depends on the type of password. But if they three work on the password at a time they can do that in 10 minutes, so the person who break into ur email account may not be single otherwise if he was standalone then he is dame cool
-
October 6th, 2001, 01:14 PM
#26
Brute Force
Last time I checked Hotmail had fixed itself against brute forcer attacks. Check out Munga Bunga's Brute Forcer page.
Hackology
They clam that after the success of their brute forcer Microsoft upgraded their security. Check it out.
-
October 10th, 2001, 04:23 AM
#27
I'll tell you how to prevent it. Don't give him your e-mail address.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|