Monday, 31 October 2005
Sunday, 30 October 2005
Yahoo password hack warning
Actually, make that:
Yahoo Messenger password scam warning
Note: I have kept the earlier, inaccurate, post title because this post gets a lot of traffic via search and has been linked to here and there, so I don't want to change the permalink. Though I hope the subhead in larger type makes things clearer.
It happens via Yahoo messenger.
You get a message, apparently from someone on your list. So far, I haven't been able to check if it's someone who's fallen for this, and whose account is being used, or a spoofed send.
The message is something along the lines of "see my new pictures." With a Geocities link. When you go to the link, even if you don't know that Geocities is a home page provider and that it was bought over by Yahoo many years ago, you see the reassuring "yahoo" in the URL, a Yahoo logo alongside the Geocities logo, and what looks like a Yahoo photos page that asks you to log in before you can proceed. All the links work, and go to genuine Geocities sign up, Terms and Conditions, Privacy Policies, etc. Except that you don't need a password to view a Geocities page. (Well, yes, you might, if the page owner has locked some pages behind a javascripty thingy or summat, but you won't need to put in your Yahoo password.)
Proof? Just dump in any arbit name and password. It will seem to accept it (if you look quickly at your status bar, you'll see the page sending to another site).
Just a little while ago, I got what looked like a message from a pal. It didn't sound like him in the least, so my antennae were up. (Besides, a friend told me a few days ago she'd just got hit by a password-stealer, so I guess I was a little wary.)
Clicked the link, and it was as I described it above. Here it is: http://www.geocities.com/hot_pretty_belle/
And in case it's not up, here's a screen grab:

I did a little "view source" and here's what the form looks like underneath the hood. (I have the complete page saved, if one of you techwizards wants it. Just get in touch.)
*see update 2 below
(If the code in the image doesn't make sense to you, here's the skinny: when you hit "enter", the page sends your Yahoo ID and password to hot_pretty_belle, or whoever else has set up the page.)
Now that you know, want to have a little fun? Fill in username and password fields with language mama would have washed your mouth out with soap for. And hit enter. hot_pretty_belle (or whoever you next encounter trying this stunt) will get lots of piping hot email.
Be warned. You'll get another page offering you another sign in button. And a Sign Up button, which, on click, gives you a genuine-looking Yahoo sign up page. Just look up at the URL. Too tired to go see that bit of source code now, so will leave it to you tech-adepts.
I'm going to wait a day before reporting this to Yahoo, so go send that hot_pretty_belle your love!
And do pass this on. No, you don't need to credit me. Well, if you insist. I'm a slut for link love.
Update 1
Did a bit of research, and found out what happens if you enter a genuine Yahoo ID and password and click through.
The page records your ID and password, then forwards you to the real Yahoo Photos site. You (: if you hadn't read this :) would have just muttered imprecations about the dorkiness of the pal who didn't give you proper links.
And a few minutes later, you would have got a message from Y!M saying "You have been signed off Yahoo because you signed in from another location."
This has been happening quite often, so there's not much point remembering specific URLs, like hot_pretty_belle. Just remember the method.
Update 2
Thanks to ViswaPrabha and Prashanth, who told the doofus - me - that even with angle brackets html-ised to show up on the page, the script would send comments on this post (and possibly blogger ID and password! shudder!) to the black hats who run the page I referred to. So, text removed and replaced with an image, and now it will behave like a normal, harmless blogger page.
I, for once, am glad that no one commented!
Many Thanks, VP and Prashanth.
Update 2 - 9th July 2006
Please see this diary entry at SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System and this entry on the McAfee Avert Labs Blog. The SANS page points out a development that didn't exist when I wrote this post:
"The last interesting thing is related to obfuscation of the HTML. The attacker decided to use a product called HTML Protector. This tool basically just obfuscates HTML code using JavaScript but as a browser needs to be able to parse the HTML code, the unobfuscation function always has to be present, so with some spare time you can easily unobfuscate this."
And the McAfee page points to this discussion on Broadband Reports, which also mentions the encrypted page.
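The method this post describes, a sign-in form on one site that submits the ID and password to a different site, can be checked for in saved page source. This is an added example, not code from the original post or the page it describes; the sample HTML, the `collector.example` host, the function names and the choice of `login.yahoo.com` as the only trusted login host are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the only host that should ever receive a Yahoo password.
TRUSTED_LOGIN_HOSTS = {"login.yahoo.com"}

# Constructed sample of a lure page; collector.example is a placeholder.
SAMPLE_LURE = """
<form method="post" action="http://collector.example/save.php">
  <input type="text" name="login"> <input type="password" name="passwd">
  <input type="submit" value="Sign In">
</form>
<form action="/search"><input type="text" name="q"></form>
"""


class FormCollector(HTMLParser):
    """Record each form's action and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def _finish(self):
        if self._open is not None:
            self.forms.append(self._open)
            self._open = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._finish()  # tolerate a previous form that was never closed
            self._open = {"action": a.get("action") or "", "password": False}
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._finish()


def off_site_password_forms(page_url, html, trusted=TRUSTED_LOGIN_HOSTS):
    """Return the resolved target of every password form that posts elsewhere."""
    collector = FormCollector()
    collector.feed(html)
    collector.close()
    collector._finish()  # a form still open at end of input counts too
    targets = [urljoin(page_url, f["action"]) for f in collector.forms if f["password"]]
    return [t for t in targets if (urlsplit(t).hostname or "").lower() not in trusted]
```

A scan of raw source like this will miss a form that is only written into the page by JavaScript, as with the HTML Protector obfuscation mentioned in the SANS entry; in that case the same check has to run against the rendered page.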
Delhi Blasts - 2
Rediff says "the Union Health Ministry has set up a control room to ensure speedy treatment to those injured. The control room can be reached at 011-23061302."
Please don't swamp that number with calls unnecessarily.
And the Chief Minister advises people to stay away from the markets.
Saturday, 29 October 2005
Delhi bomb explosions
Blasts were reported in Paharganj, near New Delhi railway station, Sarojini Nagar and Govindpuri. And a bomb was found and defused at Chandni Chowk.
Here's the BBC, Rediff, Indian Express, Hindustan Times, Reuters, The Hindu, Times of India, Outlook, NDTV.
Update
The injured have been moved to Dr Ram Manohar Lohia Hospital, Baba Kharak Singh Marg, Near Gole Dakkhana, New Delhi-1. (ph: +91 11 23365525, 23361948) and Safdarjang Hospital, Aurobindo Marg, South Delhi (ph: +91 11 26165060, 2665032, 26168336, 26864865).
[From the Delhi Government's Hospitals in Delhi Page and Sify.]
Alea jacta est. Nunc est bibendum
Remember all those Latin expressions in the Asterix comics? Mainly from the old peg-legged pirate as the ship went down? Did you understand them all? Didja? Huh? Didja? Honest? Sind Sie sicher? Eerlijk? Absolument? (Darn. The Babel Fish doesn't do Czech.)
We have a swollen head, we do.
So no one's written us an ode. No sonnets or songs about us, no portraits or statues in public places, no fan sites, no groupies.
But we're quite tickled about this.
Friday, 28 October 2005
And now for the audio-visual round
Pal and colleague, J Krishnamurthi (a.k.a. JK a.k.a. Jakes), quizzer, quizmaster, techie and atrocious pun perpetrator has succumbed to the siren song of the blogosphere and set up not one but two blogs.
In Quizerati, he and his pals from Quizness will discourse knowledgeably on:
A. Quizzes
B. Quizzers
C. Mallika Sherawat
D. All of the Above.
And on Musings of the completely jobless, he will talk about (going by current evidence):
A. Mallika Sherawat
B. Mallika Sherawat
C. Mallika Sherawat
D. Mallika Sherawat
Right. Do you need a lifeline?
Join the dots
You're not paranoid, they can figure out which laser printer you used to print out those anonymous ransom notes. Even to the serial number.
[Via Ganesh's Corner]
Chennai update
Please see Chennai Help, where suman kumar, Chenthil, Ravages, Echo and Kaps are putting together information on the heavy rain and floods the city has been experiencing. From what I saw on TV a little while ago, it could get worse. There's a cyclone approaching, and Ongole, to the north, in Andhra Pradesh, is right in its path.
Man, talk about a year for disasters!