Full Disclosure mailing list archives
Re: Yahoo/Geocities possible exploit/vulnerability
From: "crazy frog crazy frog" <i.m.crazy.frog () gmail com>
Date: Tue, 15 Aug 2006 13:23:55 +0530
yeah, if some one has ur friends id and password he can send you such message then u will enter ur password and it goes to ur friends and continue........ -CF ----------------------------------------- http://www.secgeeks.com ----------------------------------------- On 8/15/06, Nick FitzGerald <nick () virus-l demon co uk> wrote:
Jain, Siddhartha wrote: > The phishing apart, how can a userid be spoofed on Yahoo Messenger? Is > this something trivial? I thought Yahoo fixed the issue with Y!Messenger > 5.0. Ummmm -- unless I'm missing something here (and as I've already said I'm NOT a YIM expert), in any system (like YIM) that only does user identification through a username-and-password-style login, if someone knows your username and password, then that someone _is_ you as far as said system is concerned. Of course, the phishers (or their bots) behind this scam are not really you, but YIM doesn't know that, so to YIM there is no spoofing -- when the phisher/bot did a YIM login with your credentials, as far as YIM was concerned, _you_ were logging in... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- ting ding ting ding ting ding ting ding ting ding ding i m crazy frog :) "oh yeah oh yeah... another wannabe, in hackerland!!!" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Yahoo/Geocities possible exploit/vulnerability Jain, Siddhartha (Aug 14)
- Re: Yahoo/Geocities possible exploit/vulnerability Nick FitzGerald (Aug 14)
- <Possible follow-ups>
- RE: Yahoo/Geocities possible exploit/vulnerability Jain, Siddhartha (Aug 14)
- Re: Yahoo/Geocities possible exploit/vulnerability Schanulleke (Aug 14)
- RE: Yahoo/Geocities possible exploit/vulnerability Nick FitzGerald (Aug 15)
- Re: Yahoo/Geocities possible exploit/vulnerability crazy frog crazy frog (Aug 15)