
Re: [LI] My Hotmail is hacked



Hotmail is quite vulnerable. U can lose ur ISP password if u ever try to
check ur ISP provided POP mail from hotmail. Take a look at the following
mail I received from Jon Robson.

Again, I think this mailing list is not meant to provide the hacking info
but still consider this.

Archan
archanp@xxxxxxxxxxx
http://www.bigfoot.com/~archanp


.From: Jon Robson <los_alamos@xxxxxxxxxxx>.
.To: archanp@xxxxxxxxxxxx
.Subject: Hotmail vulnerability?
.Date: Wednesday, April 07, 1999 10:53 PM
.
.Hello there,
.
.I am what most people would consider a newbie.  However, I discovered
.a little something about Hotmail just now, thought you might be
.interested.  To get this to work, you must a) have somebody's hotmail
.account name and password; b) the person must have set up hotmail's
.POP mail options to receive POP mail in Hotmail.  By downloading the
.link that says "POP Mail" just next to the "Check for New Hotmail"
.link in the inbox, it is possible to view the person's ISP login name,
.and cleartext ISP password.  Here is what I downloaded tonight (I will
.comment important stuff in brackets (), although you will probably
.already know anyways):
.
.1st POP Account: </b></td></tr>
.<tr><td align="right">POP Server Name:</td>
.<td align="left"><input type="text" name="sname0"
.value="232.182.98.45" (ISP IP address or domain name) size=30
.maxlength=36></td></tr>
.<tr><td align="right">POP User Name:</td>
.<td align="left"><input type="text" name="uname0"
.value="los_alamos"(login name, I changed it of course) size=30
.maxlength=36></td></tr>
.<tr><td align="right">POP User Password:</td>
.<td align="left"><input type="password" name="upasswd0" value="luther"
.(unencrypted password, changed again, of course) size=30
.maxlength=36></td></tr>
.
.Although this is not a HUGE vulnerability (you need an account, and
.the account must have POP mail set up), this seems like a fairly easy
.way to get the login name and password for an ISP...from there, it
.shouldn't be too hard to find the dial up number, using social
.engineering or something.  If you already knew about this, I'm sorry
.for bothering you with it.  Oh yea, is there any way to get
.Java/Javascript into Hotmail messages?  They filter the headers and
.such now, at least from what I've tried.
.
.Thank you for your time,
.
.Jon Robson



----- Original Message -----
From: Suresh Ramasubramanian <Suresh@xxxxxxxxxxx>
To: <linux-india@xxxxxxxxxxxxxxxxxxxxx>
Cc: Dogpile ping <p_a_shok@xxxxxxxxx>
Sent: Monday, November 08, 1999 7:20 AM
Subject: Re: [LI] My Hotmail is hacked


> On 7 Nov 99, at 12:25, thus spake Linux India Digest:
>
> > I am a windows and linux user. today i logged on to my
>
> Hotmail has several PUBLISHED security holes which let others login
> to yr account without a passwd / you might have unwittingly
> responded to a scam mail (says it is from Microsoft / Hotmail admin,
> asks you to give yr passwd for some reason or the other).
>
> Hotmail will never ask you for yr passwd - as supervisor they have
> full access to yr acct whenever they want it.
>
> Try mailing this address - abuse@xxxxxxxxxxx - and asking them
> (give full details - date and time if possible).  They might be able to
> help you.  I'll give you another address (personal mail of an admin)
> if you get no response within some  three or four days.
>
> > > hacking or do u think if u use linux for browsing the
> > > internet my system or passwords would be safer please
> > > advise me.
>
> No damn use - your box still accepts cookies, and there are enough
> holes in Linux for you to be vulnerable (there are several more in
> WinDOZE though).
>
> Oh yes, check this up - You might have someone running Back
> Orifice or something like that on yr system (if a winDOZE box) or if
> you browse from a cybercafe, you might not have pressed the
> logout button but just closed the window and come out.
>
>
>
> Suresh Ramasubramanian
> 106D, Aditya Enclave, Ameerpet, Hyderabad 500038, India.
> Phone: +(91-40)3736553/3745398 | eFax: +(1-603)590-5437
> Suresh@xxxxxxxxxxx | Suresh@xxxxxxxx
> http://www.kcircle.com | http://www.angen.net/~pegasus/
>     To iterate is human, ...To recurse divine!!
>
> --------------------------------------------------------------------
> The Linux India Mailing List Archives are now available.  Please search
> the archive at http://lists.linux-india.org/ before posting your question
> to avoid repetition and save bandwidth.
>

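
The form quoted in Jon Robson's forwarded mail returns the stored POP password to the browser in the `value` attribute of a password field. The following is an added example, not part of the original messages: a check a site operator could run over rendered pages to catch that pattern. The sample HTML, host name and credentials are constructed, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser


class PrefilledSecretFinder(HTMLParser):
    """Collect <input type="password"> fields that arrive with a value set."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser lowercases names; bare attributes have a value of None.
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "password" and a.get("value", "").strip():
            # Record field name and secret length only, so the audit
            # output does not leak the secret a second time.
            self.findings.append((a.get("name", "<unnamed>"), len(a["value"])))


def find_prefilled_passwords(html):
    """Return [(field_name, value_length), ...] for echoed password fields."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample modelled on the settings form quoted in the thread.
ECHOED = '''
<tr><td align="right">POP Server Name:</td>
<td align="left"><input type="text" name="sname0"
value="pop.example.net" size=30 maxlength=36></td></tr>
<tr><td align="right">POP User Name:</td>
<td align="left"><input type="text" name="uname0"
value="exampleuser" size=30 maxlength=36></td></tr>
<tr><td align="right">POP User Password:</td>
<td align="left"><input type="password" name="upasswd0"
value="not-a-real-secret" size=30 maxlength=36></td></tr>
'''

# The same form rendered without sending the stored secret back.
BLANKED = ECHOED.replace('value="not-a-real-secret"', 'value=""')

if __name__ == "__main__":
    for label, page in (("echoed", ECHOED), ("blanked", BLANKED)):
        hits = find_prefilled_passwords(page)
        print(label, hits or "no pre-filled password fields")
```

A settings page that passes this check leaves the password field empty and treats a blank submission as "keep the stored value".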