[10354] in bugtraq


Re: javascript hotmail password trap

daemon@ATHENA.MIT.EDU (David L. Nicol)
Mon Apr 26 13:38:16 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <37241330.474F6D2C@kasey.umkc.edu>
Date: 	Mon, 26 Apr 1999 02:18:08 -0500
Reply-To: "David L. Nicol" <david@KASEY.UMKC.EDU>
From: "David L. Nicol" <david@KASEY.UMKC.EDU>
X-To:         frisco <frisco@peruano.org>
To: BUGTRAQ@NETSPACE.ORG

ha ha.

No, it wasn't a traditional password trap (like yours) but
a javascript which takes advantage of cookie-based security
hooks to contact hotmail's database and change your password.




frisco wrote:
>
> Is that originating page anything like
> http://www-personal.wccnet.org/~frisco/code/assorted/hotmail.html
> ?  It's a page I made a while back to describe some security issues to
> some co-workers.
>
> just curious.
>
> -f
> http://www.peruano.org/
>

________________________________________________________________________
  David Nicol 816.235.1187 UMKC Network Operations david@news.umkc.edu
    "If you're calling about the Nobel prize, press 4"  GPG+ P+++ e*
