Question about hacking web-mail (hotmail) accounts

[Virus Guy]

"David H. Lipman" wrote:

> >> That's not the full Hotmail header.
> >
> > I said it was the full message body. There was no need to
> > reproduce the header (because it has no bearing on the
> > context of my questions).
>
> Except the source.

I'm not following you.

The password for a hotmail account has become known to a third party
(call him a hacker, cracker, criminal, what-ever you want).

E-mails were sent through hotmail using the account's credentials.
Copies of those e-mails are present in the sent folder of the account.

I am most curious as to how the account password became comprimized.

How is you seeing the full header going to speak to that question?

[David W. Hodgins]

On Tue, 01 May 2012 21:29:00 -0400, Virus Guy <Virus@guy.com> wrote:

> I am most curious as to how the account password became comprimized.

http://it.slashdot.org/story/12/04/2...d-exploitation

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

[David H. Lipman]

From: "David W. Hodgins" <dwhodgins@nomail.afraid.org>

> On Tue, 01 May 2012 21:29:00 -0400, Virus Guy <Virus@guy.com> wrote:
>
>> I am most curious as to how the account password became comprimized.
>
> http://it.slashdot.org/story/12/04/2...d-exploitation
>

That explians why the flood of Job Fraud emails via compromised HotMail
accounts I have received stopped around that time frame.

Thanx Dave

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[David H. Lipman]

From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

> From: "David W. Hodgins" <dwhodgins@nomail.afraid.org>
>
>> On Tue, 01 May 2012 21:29:00 -0400, Virus Guy <Virus@guy.com> wrote:
>>
>>> I am most curious as to how the account password became comprimized.
>>
>> http://it.slashdot.org/story/12/04/2...d-exploitation
>>
> That explians why the flood of Job Fraud emails via compromised HotMail
> accounts I have received stopped around that time frame.
>

Damn - Just got another one :-(



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[Ant]

"David W. Hodgins" wrote:

> On Tue, 01 May 2012 21:29:00 -0400, Virus Guy wrote:
>> I am most curious as to how the account password became comprimized.
>
> http://it.slashdot.org/story/12/04/2...d-exploitation

That's a password-reset vulnerability. In this case there was no
password change so, unless there's another Hotmail bug, I believe
it's more likely that social engineering or malware was involved.

[FromTheRafters]

Virus Guy wrote:
> "David H. Lipman" wrote:
>
>>>> That's not the full Hotmail header.
>>>
>>> I said it was the full message body. There was no need to
>>> reproduce the header (because it has no bearing on the
>>> context of my questions).
>>
>> Except the source.
>
> I'm not following you.
>
> The password for a hotmail account has become known to a third party
> (call him a hacker, cracker, criminal, what-ever you want).

That might not be exactly true. I don't know the full details of how
hotmail works it, but in some cases where a password is used *only* the
client knows that password.

[...]