[prev in list] [next in list] [prev in thread] [next in thread]
List: security-basics
Subject: Re: Yahoo Account Security
From: Muhammad Faisal Rauf Danka <mfrd () attitudex ! com>
Date: 2002-04-30 20:39:29
[Download RAW message or body]
Yes it will work, He can even make a bash script to keep greping that particular JPEG \
or HTML file in access_log, and If the condition is true then probably Email him on \
some other email address he has, and as well as send the notification with I.P in \
subject to his cell phone company provided email address which are something like \
4040948*number@cellphoneprovider.com. Which actually send email notification via SMS. \
In such a way he can probably setup a trap and shit. Goodluck Tony =)
Regards,
---------
Muhammad Faisal Rauf Danka
Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
voice: 92-021-111-GEMNET
Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk
voice: 92-021-4548323, 92-021-4546077
"Great is the Art of beginning, but Greater is the Art of ending. "
------BEGIN GEEK CODE BLOCK----
Version: 3.1
GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++
P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y-
PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
------END GEEK CODE BLOCK------
--- "Laurence Brockman" <laurence@fluxinc.com> wrote:
> Why don't you send an email message to your yahoo account with some embedded
> html (or JavaScript?) in it (Such as a pic on your home server or
> something).... or some friend that has apache running. Pick out a picture
> that no one else will ever load, and wait for him to open the message. You
> should get a line in the apache access logs with his source IP address...
>
> Not sure if this would work, but it might be worth a shot.... anyone with
> more experience with HTML email stuff think this would work?
>
> Laurence
>
> ----- Original Message -----
> From: "Sumit Dhar" <dhar@dexponet.com>
> To: "Tony Abedini" <tabedini@yahoo.com>
> Cc: "H C" <keydet89@yahoo.com>; <security-basics@securityfocus.com>
> Sent: Saturday, April 27, 2002 4:49 AM
> Subject: re: Yahoo Account Security
>
>
> > On Thu, 25 Apr 2002, Tony Abedini wrote:
> >
> > > Obviously if I changed my password, then I'd ruin the
> > > chance of the person logging in again, so NO I haven't
> > > change my password.
> >
> > The classic "hunted turning hunter" maneuver?? :)
> >
> > But if someone has your password, I would still assume the best thing to
> > do would be to change it immediately. What happens if *he* changes it
> > first? You would be probably locked out of your account and take my word
> > for it, making a new ID and letting everyone know of it is not worth the
> > pain. If the account is of no consequence, fine.. play on. But if it
> > important, remember he has access to your documents and can cause
> > problems if he gets nasty. :(
> >
> > If you really want to know who it is, use the data you already have.
> > Will additional data really help?? Is Yahoo cooperating in this? I would
> > have serious doubts about their giving you the IP etc.
> >
> > Just my $0.02 worth.
> >
> > <a href=http://dhar.homelinux.com/dhar/>Sumit Dhar</a>
> > Manager, Business Development and Products,
> > SLMsoft.com
> >
> >
_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------
_____________________________________________________________
Run a small business? Then you need professional email like you@yourbiz.com from \
Everyone.net http://www.everyone.net?tag
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic