RE: Yahoo Account Security

From: Andrew Wordsworth (awordsworth@armorgroup.com)
Date: 05/01/02


From: Andrew Wordsworth <awordsworth@armorgroup.com>
To: Laurence Brockman <laurence@fluxinc.com>
Date: Wed, 1 May 2002 09:53:43 +0100 

Excellent method, but make the tag refer to something hidden.

Or something that will intrigue.

An HTML file hidden somewhere.

Or send a trojan and use it to take control of your target's machine.

-----Original Message-----
From: Laurence Brockman [mailto:laurence@fluxinc.com]
Sent: 29 April 2002 20:31
Cc: security-basics@securityfocus.com
Subject: Re: Yahoo Account Security

Why don't you send an email message to your yahoo account with some embedded
html (or JavaScript?) in it (Such as a pic on your home server or
something).... or some friend that has apache running. Pick out a picture
that no one else will ever load, and wait for him to open the message. You
should get a line in the apache access logs with his source IP address...

Not sure if this would work, but it might be worth a shot.... anyone with
more experience with HTML email stuff think this would work?

Laurence

----- Original Message -----
From: "Sumit Dhar" <dhar@dexponet.com>
To: "Tony Abedini" <tabedini@yahoo.com>
Cc: "H C" <keydet89@yahoo.com>; <security-basics@securityfocus.com>
Sent: Saturday, April 27, 2002 4:49 AM
Subject: re: Yahoo Account Security

> On Thu, 25 Apr 2002, Tony Abedini wrote:
>
> > Obviously if I changed my password, then I'd ruin the
> > chance of the person logging in again, so NO I haven't
> > changed my password.
>
> The classic "hunted turning hunter" maneuver?? :)
>
> But if someone has your password, I would still assume the best thing to
> do would be to change it immediately. What happens if *he* changes it
> first? You would be probably locked out of your account and take my word
> for it, making a new ID and letting everyone know of it is not worth the
> pain. If the account is of no consequence, fine.. play on. But if it is
> important, remember he has access to your documents and can cause
> problems if he gets nasty. :(
>
> If you really want to know who it is, use the data you already have.
> Will additional data really help?? Is Yahoo cooperating in this? I would
> have serious doubts about their giving you the IP etc.
>
> Just my $0.02 worth.
>
> Sumit Dhar <http://dhar.homelinux.com/dhar/>
> Manager, Business Development and Products,
> SLMsoft.com
>
>
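
Added example (not part of the original thread): one way to check an Apache access log for requests to the unique image described in Laurence's message, treating it as a canary for access to your own mailbox. The image path, the owner's address range and the log lines are constructed, and the Apache "combined" log format is assumed.

```python
import re
from ipaddress import ip_address, ip_network

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

CANARY_PATH = "/img/k3v9-canary-7f2a.gif"        # hypothetical name nothing else links to
OWN_NETWORKS = [ip_network("198.51.100.0/24")]   # constructed: the account owner's own addresses

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [29/Apr/2002:20:40:02 +0100] "GET /img/k3v9-canary-7f2a.gif HTTP/1.0" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.45 - - [30/Apr/2002:03:12:55 +0100] "GET /img/k3v9-canary-7f2a.gif HTTP/1.1" 200 43 "http://mail.example/" "Mozilla/4.0 (compatible; MSIE 5.5)"
192.0.2.10 - - [30/Apr/2002:04:00:00 +0100] "GET /index.html HTTP/1.0" 200 1024 "-" "Mozilla/4.0"
203.0.113.45 - - [30/Apr/2002:03:13:10 +0100] "GET /img/k3v9-canary-7f2a.gif?x=1 HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
"""

def canary_hits(log_text, path=CANARY_PATH, own=OWN_NETWORKS):
    """Return requests for the canary image that did not come from the owner's networks."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a parsable access-log line
        if m["path"].split("?", 1)[0] != path:
            continue                      # some other resource (query string ignored)
        try:
            src = ip_address(m["ip"])
        except ValueError:
            continue                      # host logged as a name, not an address
        if any(src in net for net in own):
            continue                      # the owner viewing their own message
        hits.append({"ip": str(src), "time": m["time"],
                     "status": int(m["status"]), "agent": m["agent"] or ""})
    return hits

if __name__ == "__main__":
    for hit in canary_hits(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["status"], hit["agent"])
```

The address logged is that of whatever fetched the image, which may be a proxy, and a mail client that blocks or proxies remote images will not produce a useful entry at all.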


