Vulnerability Development mailing list archives
Secure Yahoo logins
From: "Jeremy" <prrthd () myrealbox com>
Date: Tue, 27 Aug 2002 22:10:48 +0000
Hello all, Recently, it has come to my attention that many of our users are using the standard login to access their yahoo accounts. I want to push a policy that requires them to use the secure login option instead. I would like to show my boss that you can capture the username and password by simply doing some sniffing. Well, to do a test I fired up ethereal and captured a session of me logging into a new yahoo account. What kind of suprised me is the password looks encrypted. My first guess was it was just base 64 mime encoded but that turned out to be wrong. Does anyone have any idea on how they encrypt their passwords or have any tools that will try and crack the passwords. My other question is if the passwords are encrypted why do they offer a secure login option? How does that increase security, other than adding a brief ssl session. Thanks, Jeremy
Current thread:
- Secure Yahoo logins Jeremy (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 27)
- Re: Secure Yahoo logins David Schwartz (Aug 27)
- Re: Secure Yahoo logins John Madden (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 28)
- Re: Secure Yahoo logins Nick Jacobsen (Aug 27)
- Re: Secure Yahoo logins David Thiel (Aug 27)
- Re: Secure Yahoo logins Nick Jacobsen (Aug 28)
- Re: Secure Yahoo logins David Thiel (Aug 28)
- Re: Secure Yahoo logins Steve Bremer (Aug 28)
- Re: Secure Yahoo logins David Thiel (Aug 27)
- Re: Secure Yahoo logins Roland Postle (Aug 27)
- <Possible follow-ups>
- Re: Secure Yahoo logins Alan McCaig (Aug 28)