Re: [Full-disclosure] marc's list getting bigger, grab while you can

Subject: Re: [Full-disclosure] marc's list getting bigger, grab while you can
Date: Tue, 16 Jan 2007 09:59:06 -0000
PEBKAC, as usual. 

There was a spoofed login page at http://www.marcolano.com/login/
(Googlecache vers:
http://64.233.183.104/search?q=cache:u2RtwlpBqFcJ:www.marcolano.com/login/+inurl:marcolano&hl=en&gl=uk&ct=clnk&cd=2)
that was identical to the myspace login page. My guess is that he's
bounced people to it either from his "funny" Tom Cruise joke page,
http://www.marcolano.com/funny/comic_tomcruise.html, which seems to be a
good bit of viral memeing, or the Marc Olano Editor (linked
(googlecache) from here:
http://64.233.183.104/search?q=cache:AT_1eXGvYf8J:profile.myspace.com/index.cfm%3Ffuseaction%3Duser.viewprofile%26friendID%3D19262067+marc+olano+editor+myspace&hl=en&gl=uk&ct=clnk&cd=1)
which looks to be a layout creator for myspace pages.

Either one would keep within his target demographic of myspace users,
though the Tom Cruise one less so.

Though I admit I have no idea what
"fuseaction=mail.inbox&Mytoken=C4A2B3AF-1320-5CEA-FA0C50BA36B0519742182575"
does, one of the hidden inputs in his spoofed login page.

That's from some relatively lo-fi google-fu, a look at the domain gives
registration info that's probably relatively current. Maybe someone
should call him and ask :)?

Tom

-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Deepan
Sent: 16 January 2007 06:31
To: Emma Perdue
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] marc's list getting bigger, grab while
you can

On Mon, 2007-01-15 at 12:49 +0000, Emma Perdue wrote:
56000+ myspace accounts (hotmail, yahoo, gmail credentials are bonus)

http://www.marcolano.com/login/myspace.txt

Can you give details about the bugs in myspace that you used to hijack
the credentials?
Thanks
Deepan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
