Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.






Lost Password?
No account yet? Register
Who's Online
We have 54 guests and 3 members online
EH-Net Donations

Enter Amount:
$

Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations





 
Advertisement

You are here: Home arrow Forum
Ethical Hacker Community Forums
December 01, 2008, 03:41:45 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
  Home Help Calendar Login Register  
  Show Posts
Pages: 1 [2] 3 4 ... 24
16  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 02:33:19 PM
Apparently many are trying this as the account is locked out for 24 hours.

Don

Dang Bro you were trying? If you need the bread that bad I will just send it to you, lol.  Interesting because I am not locked out . Let this ride for a little because we in security need to see if someone can. So far no results and its actually very easy.
17  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 02:28:08 PM
LOL, greedy bastards!  Hey being a hacker is like being a wealthy Doctor. You know, a person with lost of "patients", Ha Ha! 
18  Ethical Hacking Discussions and Related Certifications / Forensics / Re: Hacking through wi-fi networks on: September 25, 2008, 02:22:06 PM
If I put on my "groucho glasese" http://www.fakecrap.com/products/groucho_glasses.html and go to a free wifi spot , change my mac address and set up a new email account on yahoo, see if you can find me! I have made so many death threats to Don already, lol.  Just kidding !!!!!!!

But really, you have to know the difference if you are into security.
19  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 11:54:24 AM
Ok try this account:  Kvntu10@yahoo.com. I set this up with some easy possibilities for people to crack to make it more interesting.
20  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 11:36:23 AM
LOL! Good job as far as social engineering goes Jimbob. I had actually thought of a figure like that but changed it at the last second because it was too obvious. Very good!   
21  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 03:09:29 AM
Kris and I are are talking about how to make this equal. I am currently  trying to make this fair. I am thinking I will make it  2 levels on this. Hey I want you to crack this. If you can you will be safe as as far as who you are, I swear to god!   CRACK ME BRO!  We need to know! That's  it. 
22  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 01:44:26 AM
I am serious and I will pay the amount of money I disclosed in that email! We have thousands of viewers here.  If you can hack my email with any of those tools I will gladly pay you the amount I mentioned plus 10% of all my contracts in the next 2 years.  Please believe me that's not bad money and way better than Vegas!  I even put a wimpy password on it , lol!
23  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 01:32:27 AM
Awesome graphics as far as websites goes. Okay, if you can hack this simple email with one of those tools I will pay the money I disclosed in this email at knvtu1055@yahoo.com.  Lets test it.
24  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 01:00:55 AM
LOL, yes you should do that.

Its true that in the past Yahoo and a number of others were subject to some interesting vulnerabilities including some simple SQL attacks, things have now changed.  I dont know why but hacking email accounts has always been the target for every newbie in hacking.  They see it as such a juicy target. Because of this, so much misinformation gets spread around to take advantage of this. Every hacker forum or IRC channel is filled with requests about teaching how to hack emails. Usually I think they just want to freak out their friends.  I am so jaded with it that if anyone comes to a forum now and asks how to hack emails I automatically have a question mark. Although it is a legitimate question because we do need to be concerned if such a thing is possible.  In a pentest hacking emails is almost never allowed in my experience, but if it is it can be a bonus.  In reality hacking email is best done with social engineering, keylogging and capturing sessions.  If you see a link on your favorite forum that sells a book about the  untold methods of hacking emails or a special program, just laugh and save your money! 
25  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 25, 2008, 12:30:03 AM
Is there a way to trick the mail server into actually providing you the password?

Nope. I love urban myths.
26  Ethical Hacking Discussions and Related Certifications / Other / Re: email password hacking on: September 24, 2008, 11:55:49 PM
Sorry, but it cant be done with the methods you mentioned.
27  Resources / Tutorials / Re: I need security....Please help on: September 24, 2008, 08:36:48 PM
That’s a good site that Kris mentioned and a lot of people I know use it. Of course the only 100% proof way of protecting yourself is not installing period, but that’s not really practical for most end users.   If you have a program that you are questioning, there are 3 ways that I like to implement as far as a security check.  First, is to run it through several AVs.  Second is if I can inspect the source code and if the program is small enough you can have some success in decompiling it.  The final is to install it on your isolated lab machine that’s has common apps like office installed and monitor it from another box inside the network. Its important to monitor it from another box not just look at it from inside the box, (think outside the box, lol) because rootkits can fool the host OS but not a separate machine on the network. You should do both actually and tripwire still has value here as far as an inside the box.   Did a port open up suddenly, etc… Now even this is not 100% perfect because a program can be coded to open on a certain event or even a future date, so hopefully inspecting the code helps to reveal this.  Of course this process is cumbersome, but what the payoff is for us is when we do catch something and it’s well done. Being able to monitor and dissect it can pay off in dividends in the end.
28  Ethical Hacking Discussions and Related Certifications / Malware / Re: write my own exploits ? on: September 23, 2008, 09:31:25 AM
Yes, well stated Apollo.
29  Ethical Hacking Discussions and Related Certifications / Malware / Re: Whitehat rootkits to prevent theft? on: September 21, 2008, 01:17:48 PM
I have a bomb installed in my laptop and if someone turns it on and doesn't punch in the correct code within 8 seconds they are history. Screw the idea of recovering it and prosecuting.

The reality is if you lose your laptop its gone. Even if you did have a way to trace it to some IP, what do you do next?  Get a court order for the ISP to give up the info? Run to the FBI about your $600 laptop?  I am sure the local police will be just so excited to jump on this one. I am not saying you couldn't pursue it, with enough time and money I am sure you could. There better be some really important data on it to make it worth your while.

The reality is the best thing you can do is make sure you back up, encrypt, cover with insurance and a little prayer never hurts!
30  Ethical Hacking Discussions and Related Certifications / Other / Re: Password reset beware on: September 20, 2008, 09:16:29 AM
As far as free email accounts are concerned, If you follow good password rules along with false password reset information you will be fine in most cases. Your main concern then will be keyloggers. Never check your email from a public computer, say for instance like one in a hotel lobby Someone I know just did and there was a keylogger installed that captured his email password which in turn allowed whoever it was to transfer a large amount of money from his Etrade account.  Your second concern would be checking your email from a free wifi hotspots where you might encounter fake login pages or session captures. Session captures with tools like ferret, etc...work ok in lab situations but are tricky  to do in the real world, at least in my experience and are still rare so I am not as worried about those at this time. However I am sure in time it will improve and become more popular.  I guess if we really want to get paranoid, we can worry about sniffers being placed at the ISP , which is not a bad reason to to encrypt actually.

I am sure everyone has read this about Sarah Palin on the Errata security site:
The "hacker" saw the e-mail address "gov.sarah@yahoo.com" appear in a Washington Post story about the Governor. He tried the password recovery tool and found the question. He googled for information about the answer. After a few tries like "high school" he finally got the right one, "Wasilla high".

 If you feel inclined to use a free email service, use Gmail. For instance while Yahoo will give up your secret question to anybody who asks for it, Gmail will only give out your secret question after 5 days of inactivity on the account. Not a huge security advantage but still little things can add up to frustrate some attackers.
Pages: 1 [2] 3 4 ... 24
Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com
Valid XHTML 1.0! Valid CSS!
Page created in 0.071 seconds with 21 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
During the most recent election, I:
 
Support EH-Net


Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.