Geeks With Blogs

Tangible Thoughts SharePoint, MOSS? and all the other questions

It's surprising that even with all the awareness being raised on security, human beings will always be the weakest link. For example, today most folks at the place I work lost their Yahoo accounts because of a certain spam message which took them to a site to view some photos.

A very simple exploit it was too: a field for the user name and password, and a form post action which is routed through a CGI script to an email address. The next stage, I would assume, is to have some means of spamming all contacts in the hacked account with the spam message. Could be done very easily by running a screen scripting tool (e.g. LoadRunner) to pick the user name/password from the email, log in via Yahoo, then change the stolen account's password and mass-message all contacts in the stolen account the URL to the nefarious site.

Very simple, and it spreads like those pentagon schemes. But I've got to hand it to the 'hacker' on how genuine the nefarious site looked.

Update: A certain smart-aleck was able to chat with the hacker and find out what the default password set by the nefarious site was. Smart-aleck then decides to send an email to a very wide distribution list saying what it is. I consider that a very dangerous move, primarily because prior to that the account was safe although not accessible. Not so anymore: after that email goes out, it's open to anybody.

Anyways, speaking about exploits, be on the lookout for this one. Genius!!
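One way to look out for the kind of page described above, as an added example that is not part of the original post: a small Python check that flags any password form whose credentials would be posted somewhere other than a trusted sign-in host. The trusted suffix list, the mailer hints, the sample HTML and all hostnames are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumptions: where a genuine sign-in form may post, and path fragments
# typical of form-to-email CGI handlers like the one described in the post.
TRUSTED_SUFFIXES = ("yahoo.com",)
MAILER_HINTS = ("/cgi-bin/", "formmail", "mailto:")
# Constructed sample pages (not captured from any real site).
SAMPLE_PHISH = ('<form method="post" action="/cgi-bin/formmail.cgi">'
                '<input type="text" name="login"><input type="password" name="passwd"></form>')
SAMPLE_OK = '<form action="https://login.yahoo.com/signin"><input type="password" name="p"></form>'

class FormScanner(HTMLParser):
    """Collects each <form> action and whether the form holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def is_trusted(host):
    """Exact host or true subdomain match, so yahoo.com.evil.example fails."""
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def audit_login_forms(page_url, html):
    """Return [(resolved_action, [reasons])] for suspicious password forms."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    for form in (f for f in scanner.forms if f["password"]):
        target = urljoin(page_url, form["action"])  # empty action posts to the page itself
        parts = urlparse(target)
        checks = [
            (not is_trusted(parts.hostname), "password posted to untrusted host"),
            (parts.scheme != "https", "credentials not sent over https"),
            (any(h in target.lower() for h in MAILER_HINTS), "action looks like a form-to-email CGI handler"),
        ]
        reasons = [msg for hit, msg in checks if hit]
        if reasons:
            findings.append((target, reasons))
    return findings
```

A check like this only looks at where the form posts, so a convincing page design, which is what fooled people here, does not affect the result.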


Posted on Friday, June 9, 2006 4:17 PM | Misc

Comments on this post: Example: The Biggest threat Security is still Human Beings


Copyright © Tariq