Re: Yahoo/Geocities possible exploit/vulnerability

["crazy frog crazy frog" <i.m.crazy.frog () gmail com>]

yeah,
if some one has ur friends id and password he can send you such
message then u will enter ur password and it goes to ur friends and
continue........
-CF
-----------------------------------------
http://www.secgeeks.com
-----------------------------------------

On 8/15/06, Nick FitzGerald <nick () virus-l demon co uk> wrote:
> Jain, Siddhartha wrote:
>
> > The phishing apart, how can a userid be spoofed on Yahoo Messenger? Is
> > this something trivial? I thought Yahoo fixed the issue with Y!Messenger
> > 5.0.
>
> Ummmm -- unless I'm missing something here (and as I've already said
> I'm NOT a YIM expert), in any system (like YIM) that only does user
> identification through a username-and-password-style login, if someone
> knows your username and password, then that someone _is_ you as far as
> said system is concerned.  Of course, the phishers (or their bots)
> behind this scam are not really you, but YIM doesn't know that, so to
> YIM there is no spoofing -- when the phisher/bot did a YIM login with
> your credentials, as far as YIM was concerned, _you_ were logging in...
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


--
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
another wannabe, in hackerland!!!"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/