Hacking at VSNL
VSNL Alert!:
Hacking at VSNL
Social Hacking
by Raj Mehta, Bruce Gingery and Peter Doshi
Date: Fri, 23 Oct 1998 17:44:10 -0500
Message-Id: <199810232244.RAA05636@www.vsnl.net.in>
To: i4u@bom2.vsnl.net.in, pdoshi01@student.vill.edu
From: elided@elided.vsnl.net.in
Subject: WWW Form Submission
while surfing the net today, we have been randomly redirected to some other totally
unrelated addresses. there was a small pop-up window which came up flashing that
"your password is being misused. please change it." after having changed the
same, we got the same pop-up window, flashing our new password. please advise.
elided
Bruce Gingery's Reply:
- On 23 Oct, Dr. Raj Mehta wrote:
- Dear Mr. elided,
Your comments really worry me. I knew what you say is possible by many ways
a hacker can listen to your keystrokes.
-
Dr. Raj,
The message you quoted here has a typical example of ``social
hacking''. This has been RAMPANT on AOL.com, and is often found
other places, as well. It may or may not have software on the
person's own machine backing it up. This would be one way that
one might use an invasion trojan similar to Back Orifice, where
(e.g. Windows 3.1) fewer facilities are available to the invasive
program than are provided by Windows95/98 or NT.
- My suspicion is that someone was listening to your
keystrokes and sent you a message that you should change the password and
the new password he could listen to. I am very concerned about this.
- This is the reason, also, that Active-X plugins and Active-Desktop
are such dangerous technologies. Java does not (if properly
implemented) allow this quite the same way, and Tcl via the Tcl
plugin, even less so.
- Please as a precaution log on to your shell account
via dialing up to shell and change the password again. And monitor your
account usage. If it goes up abnormally contact Internet Helpdesk and
talk to Mr. G. P. Singh.
-
Good choice. If there is no interface matching that which was
described, you want to also find out, for example, a URL that was
being viewed when this message appeared.
- There are many programs which are floating around and
many browsers have security holes.
- Exactly.
- Please do keep in touch.
Regards
raj
-} >comments: dear sirs,
-} >
-} >while surfing the net today, we have been
-} >randomly redirected to some other totally
-} >unrelated addresses. there was a small
-} >pop-up window which came up flashing that
-} >"your password is being misused. please
-} >change it." after having changed the same,
-} >we got the same pop-up window, flashing our
-} >new password. please advise.
-
This could be any one of quite a few technologies, but is LIKELY
something on their own machine. Note that Mozilla 3 is known to have
some holes, but is the latest version that will work with Win3.1,
as I recall.
It appears (below) that elided was using Windows95,
with a quite old version of Netscape. If their hardware is strong
enough (speed and RAM) it would likely be advisable to upgrade to
v4.06 or later.
It almost certainly is _not_ Back Orifice, as BO could both fetch
and change the password itself. It may be something as simple
as a JavaScript pop-up on a web page, or bad script in something like
mIRC or a gaming client.
(example)
Bruce