[BC] note to the list

RichardBJohnson at comcast.net
Fri Jun 8 18:38:50 CDT 2012


A typical trick, which works with any web-crawler, is for a web page to pretend that it is a Facebook or other common service. Since the real service must have files that are readable, it is very easy for a hacker to copy them to his own web-server and modify them to use his resources. The result is an "identical" Facebook login screen. The user enters his username and password, which are saved in a file for later damage. The real Facebook is then accessed with the username and password already obtained. The user is completely unaware that there has been a "man-in-the-middle" capturing the login information.

The main trick is to get the user to log into the phony web page. One way to do this is to send a victim an Email that claims one must log in today or the account will "expire." The victim is provided the link in the Email and dutifully logs in to "verify" the account. There are many other ways, including modifying a DNS using software back doors.

Cheers,
Richard B. Johnson
Book: http://www.AbominableFirebug.com/

----- Original Message -----
From: "Cowboy" <curt at cwf1.com>

On Friday 08 June 2012 08:03:58 am David Kaye wrote:
> The problem is not services such as AOL or Yahoo, but users who use extremely simple passwords.

 Actually, no.

 This sort of problem stems not from cracked accounts, but
 from Windows viruses that crack the address book, then send
 spam purporting to be from some address, but is not.
 ( and other places as well, but almost never from cracked accounts )
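
A defensive check for the lure described in the reply at the top of this message (an "account will expire" e-mail whose link leads to a copied login page), as an added example that is not part of the original e-mail: it flags mail whose links claim a well-known service but point at another host. The brand allow-list, the urgency keywords and the two sample messages are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list: brand keyword -> domains the real service uses.
BRANDS = {"facebook": {"facebook.com"}}
URGENCY = re.compile(r"\b(expire[sd]?|verify|log ?in today)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def host_matches(host, domains):
    """True only for the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def score_mail(html_body):
    """Return one finding per link that claims a brand but points elsewhere."""
    p = LinkCollector()
    p.feed(html_body)
    p.close()
    body = " ".join(p.text).lower()
    urgent = bool(URGENCY.search(body))
    findings = []
    for href, label in p.links:
        host = urlsplit(href).hostname or ""
        if not host:            # mailto:, relative links, etc.
            continue
        for brand, domains in BRANDS.items():
            claimed = brand in body or brand in host.lower()
            if claimed and not host_matches(host, domains):
                findings.append({"href": href, "host": host, "brand": brand, "urgent": urgent})
    return findings

# Constructed sample messages (not real mail).
PHISH = ('<p>Your Facebook account will expire. Log in today to verify it.</p>'
         '<a href="http://facebook.com.login-check.example/login.php">facebook.com/login</a>')
LEGIT = '<p>New photos on Facebook.</p><a href="https://www.facebook.com/photos">View</a>'
```

The suffix comparison in `host_matches` is the important part: a host that merely begins with or contains the brand's domain is not treated as the real service.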


