
yahoo mail keeps getting hacked - Page 6

post #51 of 64
Quote:
Originally Posted by mushroomboy View Post
Too bad FF tells me what every link is on the bottom right of my screen. Not to mention I run Linux, it wouldn't do jack. Lets say it would have, there are a few hacks that would actually do that. Even if I clicked on it, tell me what exploit would have dropped a rootkit? I highly doubt you even know.
Java is cross-platform and we are talking about Windows and UAC. Not Linux and root. I was making an example. Those link scanners work only if the link was reported by a previous victim of it. So someone has to get nailed first before someone else gets warned by it.

Btw why do you comment on it's safe to go on without UAC when you are using Linux? Since when does Linux have UAC?
And I'll just rip your cookie info. Don't need a specific exploit, got the source code for Zeus, Icepack, neosploit here plus Metasploit and Stuxnet source code. Zeus toolkit comes with support from Russia with love.
You can buy a nice rootkit for 10 bucks off the net.
Edited by Spooony - 6/23/11 at 9:13pm
post #52 of 64
After you've set up your PC, enable UAC. You know, it's like a 3rd hoop that's annoying but it makes a hacker have to jump thru it too so you'll know when that window pops up, shenanigans.
post #53 of 64
I use windows (on rare occasions) and I have UAC disabled every time. I turn java off unless I want it, good old plugins.

Also, it's not a link scanner it literally tells me the link address. I can look at it and read "yahoo mail keeps getting hacked 2" and know that it's a direct link back here. I can also see if it's a link to a bogus site or not.

None of this is really related to UAC, it's still a POS. And to the poster above, it doesn't help you stop hackers but malicious software that you've (most likely) got on your pc already. In all reality it is a safeguard to dumb users, that is what it does most of the time.
post #54 of 64
Quote:
Originally Posted by mushroomboy View Post
I use windows (on rare occasions) and I have UAC disabled every time. I turn java off unless I want it, good old plugins.

Also, it's not a link scanner it literally tells me the link address. I can look at it and read "yahoo mail keeps getting hacked 2" and know that it's a direct link back here. I can also see if it's a link to a bogus site or not.

None of this is really related to UAC, it's still a POS. And to the poster above, it doesn't help you stop hackers but malicious software that you've (most likely) got on your pc already. In all reality it is a safeguard to dumb users, that is what it does most of the time.
How often do you update the Linux kernel?
Crackers search these databases
http://securityreason.com/securityal...ty+Database%29

Then they try them on people, especially some Linux users thinking they can't be touched.

This one was discovered after playing around with Metasploit.
http://securityreason.com/securityal...ty+Database%29

That's for IE9

How about a zero day for Firefox
http://www.zerodayinitiative.com/adv...+Advisories%29
Edited by Spooony - 6/24/11 at 5:49am
post #55 of 64
http://www.zerodayinitiative.com/adv...+Advisories%29

Code:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
It also doesn't say what level the malicious code runs at, can it get into the kernel/system? What's the damage level/threat? it has none of that and I'm assuming it is limited. Even more so in a 64bit environment, using a 32bit FF the exploit will be stuck in WOW. Not to mention that it requires you to visit a malicious site, which if you've been browsing long enough it isn't hard to spot. Get off those cheap pron sites.

IE9 also has ActiveX, one of the biggest security threats around. Not because it has shoddy coding but because of what it needs to do. It is the same with WebGL, you have to have certain privileges due to how Win operates. The FF exploit would probably be null on Linux, due to how userspace is handled. There have been many people over the years that say Windows poorly handles userspace and security. There is nothing you can do, UAC will never prevent those exploits because of the "trust" windows has for the users.

I'm on the 3.0rc2 right now, when Debian gets the 3.0rc3/rc4 I'll be on that. It isn't that I can't be touched, it is more or less nobody wants to run Linux exploits. I update regularly, to fix bugs and security exploits. It also doesn't matter what kernel you are on, as long as you are on a kernel that has the latest security patches. Debian Stable is proof of concept, it is one of the more well known server platforms.
post #56 of 64
Quote:
Originally Posted by mushroomboy View Post
http://www.zerodayinitiative.com/adv... Advisories%29

Code:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
It also doesn't say what level the malicious code runs at, can it get into the kernel/system? What's the damage level/threat? it has none of that and I'm assuming it is limited. Even more so in a 64bit environment, using a 32bit FF the exploit will be stuck in WOW. Not to mention that it requires you to visit a malicious site, which if you've been browsing long enough it isn't hard to spot. Get off those cheap pron sites.

IE9 also has ActiveX, one of the biggest security threats around. Not because it has shoddy coding but because of what it needs to do. It is the same with WebGL, you have to have certain privileges due to how Win operates. The FF exploit would probably be null on Linux, due to how userspace is handled. There have been many people over the years that say Windows poorly handles userspace and security. There is nothing you can do, UAC will never prevent those exploits because of the "trust" windows has for the users.

I'm on the 3.0rc2 right now, when Debian gets the 3.0rc3/rc4 I'll be on that. It isn't that I can't be touched, it is more or less nobody wants to run Linux exploits. I update regularly, to fix bugs and security exploits. It also doesn't matter what kernel you are on, as long as you are on a kernel that has the latest security patches. Debian Stable is proof of concept, it is one of the more well known server platforms.
Yes, user interaction is required. It requires you to click on an infected link. That's not difficult. I got you to press on a link in this post already. There's user interaction.
Oh wait, here's another
http://www.securityfocus.com/bid/48379

How about a shell with root privileges?
Nah, can't post that exploit here, NSFW
post #57 of 64
Quote:
Originally Posted by Spooony View Post
yes user interaction is required. It requires you to click on a infected link. That's not difficult. I got you to press on link in this post already. There's user interaction.
Oh wait here's another
http://www.securityfocus.com/bid/48379

how about a shell with root privileges?
Nah can't post that exploit here NSFW
And you post a link to software that IMO is out of date. I'm running FF nightly 7.0a1, the latest. If you're on Linux and not running nightly FF you really need to look into it. I'm also WELL aware there are 0day hacks, I used to be in the scene and none of that surprises me. The problem is you cannot EVER protect against 0day exploits, UAC/AV/Whatever the crap you want doesn't protect. So by posting 0day hacks you aren't really helping your cause, you're just pointing out the obvious. 0day hacks own, simply put because there aren't patches yet. I still fail to see the point of UAC, you haven't proven anything yet.
post #58 of 64
Quote:
Originally Posted by masonkian View Post
Cool stuff. FYI my account shows no such activity. Change your password from your mobile device perhaps? Anyone know if there's anything like this for GMail? Also Yahoo's front page is muuuuuch better than it was last time I checked (1 year +)
post #59 of 64
Quote:
Originally Posted by mushroomboy View Post
And you post a link to software that IMO is out of date. I'm running FF nightly 7.0a1, the latest. If your on linux and not running nightly FF you really need to look into it. I'm also WELL aware there are 0day hacks, I used to be in the scene and none of that surprises me. The problem is you cannot EVER protect against 0day exploits, UAC/AV/Whatever the crap you want doesn't protect. So by posting 0day hacks you aren't really helping your cause, your just pointing out the obvious. 0day hacks own, simply put because there aren't patches yet. I still fail to see the point of UAC, you haven't proven anything yet.
Not posting zero day hacks. Those are reported vulnerabilities: that's it. It's not about Linux. It's about UAC and Windows. Again UAC and Windows. It doesn't take a zero day hack to rip your cookie info btw. The server asks for it and your browser provides it. Nothing special. In that cookie is your email password and username in plain text. You don't need elevated privileges or anything. But saying UAC enabled on Windows is unneeded and then go declare you're running Linux is like telling someone a safety belt is useless because you ride a bicycle and you don't need it.
post #60 of 64
Quote:
Originally Posted by jadawgis732 View Post
Cool stuff. FYI my account shows no such activity. Change your password from your mobile device perhaps? Anyone know if there's anything like this for GMail? Also Yahoo's front page is muuuuuch better than it was last time I checked (1 year +)
If you're accessing anything privacy related like email etc etc don't use anything other than https. All of them support it. If you give up personal info, if it's not https don't use that service.
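
An added example, not written by any poster in this thread: a small audit of `Set-Cookie` headers that reports which cookies a browser would also send over unencrypted http (no `Secure` attribute) and which are readable by page scripts (no `HttpOnly`), the check behind the https advice above. The header values and cookie names are constructed samples, not taken from any real service.

```javascript
// Constructed sample Set-Cookie header values (assumed for illustration only).
const SAMPLE_SET_COOKIE = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "login_token=def456; Path=/; Domain=mail.example.com",
  "prefs=dark; Path=/; secure",
  "tracker=xyz; HttpOnly",
];

// Parse one Set-Cookie value into its name and the attributes that matter here.
// Attribute names are case-insensitive, so they are lowercased before lookup.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf("=");
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = new Map();
  for (const part of parts.slice(1)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return {
    name,
    secure: attrs.has("secure"),
    httpOnly: attrs.has("httponly"),
    sameSite: attrs.get("samesite") || null,
  };
}

// Return only the cookies with a weakness, each with a list of findings.
function auditCookies(headers) {
  return headers
    .map(parseSetCookie)
    .map((c) => {
      const findings = [];
      if (!c.secure) findings.push("also sent over unencrypted http");
      if (!c.httpOnly) findings.push("readable by page scripts");
      return { name: c.name, findings };
    })
    .filter((r) => r.findings.length > 0);
}

for (const r of auditCookies(SAMPLE_SET_COOKIE)) {
  console.log(`${r.name}: ${r.findings.join(", ")}`);
}
```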