Announcement

Collapse
No announcement yet.

Yahoo Password Hacked.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Yahoo Password Hacked.

    Ok, guys, something wierd happened last night.

    I am on the computer at roughly 10PM EST and am just about to log off when I get this:

    Session Start Sat Nov 12 20:04:11 2005
    [19:39] classy_erica666: >:D< (Link: http://www.geocities.com/party_girl_...eocities45.htm
    Session Close (classy_erica666): Sat Nov 12 19:45:25 2005

    I searched profiles and came up blank. So, like any normal person I clicked the site. I did not see anything there(site was supposedly down), and due to the fact that it was geocities, I did not consider what content it might or might not hold. I ran a virus/trojan scan this morning, as I usually do before I start messing around, it came up blank, and when I tried to log into my messanger, it said my password had been changed. Furthermore I recieved an email from yahoo saying that at 1:30 am this morning, I apparently changed it. That is total bullshit.

    Anyway, this is a message to anyone using a yahoo account for their messanger service. If you see a link and don't know the person, apparently your password CAN be changed.
    -Ridirich

    "When you're called upon to do anything, and you're not ready to do it, then you've failed."

    Commander W.H. Hamilton

  • #2
    Originally posted by Ridirich
    Ok, guys, something wierd happened last night.

    I am on the computer at roughly 10PM EST and am just about to log off when I get this:

    Session Start Sat Nov 12 20:04:11 2005
    [19:39] classy_erica666: >:D< (Link: http://www.geocities.com/party_girl_...eocities45.htm
    Session Close (classy_erica666): Sat Nov 12 19:45:25 2005

    I searched profiles and came up blank. So, like any normal person I clicked the site. I did not see anything there(site was supposedly down), and due to the fact that it was geocities, I did not consider what content it might or might not hold. I ran a virus/trojan scan this morning, as I usually do before I start messing around, it came up blank, and when I tried to log into my messanger, it said my password had been changed. Furthermore I recieved an email from yahoo saying that at 1:30 am this morning, I apparently changed it. That is total bullshit.

    Anyway, this is a message to anyone using a yahoo account for their messanger service. If you see a link and don't know the person, apparently your password CAN be changed.
    Correlation is not causation, but you have right to be suspicious.

    Here is what I would suspect:
    The URL you saw was not actually the place visited.
    IIRC, there have been a few attacks against MSIE to allow use of the NULL character in wrapping an improperly formatted string to display one URL in the web browser window, when in reality another site was being visited.
    Since many forums allow use of GET with URL encoded form variables, and cookies are active per host web browser, it is possible that the link submitted data through a clever GET to change your password when you clicked on it.

    This is just a guess. There are other ways they could have "owned" your account too, and some could abuse web browser weaknesses.

    Comment


    • #3
      Yeah. I am using FireFox, however.

      I am concerned only due to the nature of the crime, not to the loss of the account itself.
      -Ridirich

      "When you're called upon to do anything, and you're not ready to do it, then you've failed."

      Commander W.H. Hamilton

      Comment


      • #4
        For what it's worth, yesterday when I tried to log onto Y! messenger i got an error saying my pwd was incorrect, though when I logged into fantasy football everything was fine. It could have just been problems with their IM servers.
        jur1st, esq.

        Comment


        • #5
          Yahoo Messenger has been having trouble with Phishing, A person. lets call them the victim clicks on a link to a profile, it asks them to login, so they login thinking they have to do that anyways to view it, then after they submit it. It goes to the real yahoo site, askin you to login again, but before it refers you, it sends your username and password. to the phishier email account. Then the phisher accesses your Messenger and sends the above link to all of your contacts. And the process goes on. I caught them as i was a victim but i changed my password as soon as i looked at the source. My friend wasnt so lucky, I contacted yahoo. and got the site pulled down. But this is happening all over. Look at the source on pages that look unfamilar, phishiers are getting smart ;)

          Comment


          • #6
            http://search.cc.yahoo.com/search

            I emailed customer care with my header included to prove it was from me and was from their server. I should be hearing a reply soon, but indeed it does appear I was phished. Interesting.
            -Ridirich

            "When you're called upon to do anything, and you're not ready to do it, then you've failed."

            Commander W.H. Hamilton

            Comment

            Working...
            X