ABhishek
02/21/2006, 20:24
OK, now this one is going to be big, but it's also gonna be helpful...
Now, I once wrote this paper for my website, which I feel needs to be shared with all of you, since all of you deal with money!!! Though the programmer crowd in here may be well aware of all these, maybe this can help the unaware webmasters.
All I'd like to request the SL staff is to make this sticky if you find it helpful.
Now, I'll post it in 2 parts, since SL allows only 10k-character-long posts.
Let's begin.
If you are a regular Yahoo chatter or visit hacking-based forums or anywhere in general, one question that you must have definitely come across is "Can you tell me how do I hack yahoo or hotmail or egold?"
It's become a type of joke among frequent visitors of hacker-related chat rooms and websites. This article is being written for the sole purpose of defending yourself against such actions.
Let's start by dispelling a few rumors:
You can use a bruteforcer [one which tries many possibilities of passwords for a particular username] program to get a Yahoo, Hotmail & egold password.
>>My Point>> This simply is not the case. Both Yahoo and Hotmail have security in place specifically designed to stop this kind of attack. Yahoo requires that you enter a random code into an additional field provided as well as the UN and PW after 16 failed login attempts. Failure to enter the correct code will result in a failure to log into the account, even if the Username and Passwords are correct. Hotmail has a different security feature which sends the user to a "lockout" page, which has NO field to enter the Username or Passwords after just one failed attempt. As for egold, you are required to enter a turing number, which serves them by preventing unlimited signups and/or cracking/bruteforcing egold accounts!
There are programs that hack Yahoo, Hotmail and egold.
>>My Point>> Once again, that's not entirely true. While there are programs that claim to be able to hack hotmail, yahoo or egold, all they really seem to be are specialized keyloggers and trojans that send the info from a target's computer. The question is then, if you can get a target to download / run a program, then why would you only steal their email account information? Why not simply take control of the whole thing? A lot of people that use these programs are not well versed enough to know how to cover their tracks and can easily be caught when using such programs. Many of these programs are also specially designed to steal information from the computer that tries to run it, thus exploiting the would-be attacker.
You can email an automated pw recovery service and trick it to gain the pw of the account you choose.
Ever see something that goes something like this:
: : : (([[THIS REALLY WORKS ]])) : : :
(1) send an E-mail to pass.recoverybot@yahoo.com
(2) In the subject box type the screen name of the person whose password you wish to steal
(3) In the message box type the following: /cgi-bin/start?v703&login.USER={your Egold username}&class=supervisor&f={your Egold password}&f=27586&javascript=ACTIVE&rsa
(4) Send the e-mail with priority set to "high" (red in some mail programs)
(5) Wait 2-3 minutes and check your mail
(6) Read the message. Where YOUR password was typed before, NOW, the password of the screen name in the code string is there!!!
Why does this work? It's a special decryption-server that AOL-employees can use to decrypt passwords. The aol backdoor account is a bot that reads your authentication from the message body and identifying you as a valid AOL Staff-member, you will get the password mailed back to you. The trick is that this Bot's script seems to be a little bit buggy and it automatically recognizes you as a supervisor (AOL-Staff member), even if you use a normal AOL account. This means, that EVERYONE having a valid AOL account can hack as many other accounts as he wants.
Well, here's another scam designed to steal your information. This may also explain some of the people saying they were hacked. Obviously, don't send your password to anyone.
>>My Point>>What it all comes down to is this:
If you're looking to get an email ID, you hack the target's PC, not hotmail, yahoo or Egold directly. If someone were to actually crack into the hotmail, Yahoo or Egold servers, they would be logged, traced, and the security flaw patched I would say within 15-50 minutes. These types of companies have a multi-million or even billion dollar backing, a literal army of first class techs and security teams, and apply the newest SW, HW and intrusion detection/protection methods the industry has to offer.
Now on the other side of the story, you have an end user who probably hasn't even installed SP2 on XP, has all the default settings enabled, doesn't know an .exe file from a .com, uses an un-patched version of IE or AOL or FF, doesn't know how to enable their firewall or configure it if it is enabled, etc.
In other words, why attack a well-trained, well-equipped army guarding a document when you can attack a less able individual to get it?
Part 2....below
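The failed-attempt counter described under the first rumor above, as an added example that is not part of the original post and not any provider's actual code: a per-account throttle that demands a challenge code once 16 wrong passwords have been recorded, so that even a correct password is refused without the code. The class name, method names, return strings and demo account are made up for illustration; the threshold of 16 is the figure the post gives.

```python
import hmac
import secrets

CHALLENGE_THRESHOLD = 16  # failures before a code is demanded (figure from the post)


class LoginThrottle:
    """Hypothetical per-account failure counter with a challenge-code step."""

    def __init__(self, credentials):
        # Constructed demo data. Plaintext is used only to keep the sketch
        # short; a real credential store holds salted password hashes.
        self._credentials = dict(credentials)
        self._failures = {}   # username -> consecutive failed attempts
        self._challenge = {}  # username -> code currently shown on the login page

    def challenge_for(self, username):
        """Code the login page would render as an image, or None if not required."""
        return self._challenge.get(username)

    def login(self, username, password, code=None):
        expected = self._challenge.get(username)
        if expected is not None:
            # Challenge is active: check it first, before looking at the password.
            if not hmac.compare_digest((code or "").encode(), expected.encode()):
                # Rotate so a wrong code cannot be guessed against repeatedly.
                self._challenge[username] = secrets.token_hex(3)
                return "challenge_failed"
        stored = self._credentials.get(username, "")
        ok = username in self._credentials and hmac.compare_digest(
            password.encode(), stored.encode())
        if ok:
            self._failures.pop(username, None)
            self._challenge.pop(username, None)
            return "ok"
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= CHALLENGE_THRESHOLD:
            # From now on every attempt needs a fresh code as well.
            self._challenge[username] = secrets.token_hex(3)
            return "challenge_required"
        return "bad_password"
```

An automated guesser cannot read the rendered code, so after the threshold each further guess is rejected at the challenge step regardless of the password it tries.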