Yahoo! Chat Help and Windows Security
Fake Login Screens

For as long as I can remember people have been devising ways to
obtain other people's passwords. There are two main techniques
used to try to obtain your password: cracking/hacking and social
engineering. I'll go into both of these briefly before going into
more depth on fake logins.
Cracking/Hacking

Now for those of you that are not computer literate let me explain
that cracking and hacking are not the same thing.

Cracking is where a program or script is used to run through a list of
words, numbers, and/or symbols in an attempt to find your password.
This is done by sending repeated login attempts using the victim's
username and the current entry from the list. Most big companies,
such as Yahoo and Hotmail, have safeguards in place to prevent this
sort of thing. Try logging into Yahoo using the wrong password and
you will find your account locked after the third attempt.

Hacking is where the person tries to access a machine, be it yours or,
for the sake of this page, Yahoo's, in an attempt to get the password.
The term hacking covers more than just this, but for the purpose of
this page that is the part that concerns us. Once again, big companies
such as Yahoo! and Hotmail are not that easy to "hack", and so most so
called hackers will target individual machines, i.e. YOUR computer. This
is usually done with a trojan. A trojan is a program that is disguised as
something else (hence the term trojan, from Trojan Horse) and once
run can give the attacker full access and control over your PC. This is
easy to protect against with three things:

A firewall. A firewall gives you control over what programs can access
the net from your computer and will stop anything from connecting to
the net that you have not authorised. See my Windows Utilities page
for a free firewall.
An antivirus program. A decent antivirus will scan all incoming emails,
all programs you run, and all web pages you visit, looking for viruses,
worms, and trojans. See my free stuff page for free antivirus
software.
COMMON SENSE. A lot of viruses get onto PCs from items downloaded
from web sites and email attachments being opened. The sort of
people that want to get your password are the sort of people that
make so called booting programs. Some of these people are not
averse to putting a trojan or some other virus into a program and
then saying it's something they know will get downloaded by
unsuspecting people.
DO NOT DOWNLOAD STUPID PROGRAMS.
DO NOT OPEN EMAIL ATTACHMENTS UNLESS YOU KNOW THE SENDER
AND TRUST THEM!
DO NOT ACCEPT STRANGE FILE TRANSFERS OR CLICK LINKS IN CHAT OR
PM/IM UNLESS YOU TRUST THE PERSON.

Social Engineering
There are basically three forms of social engineering:
Fake password recovery - This is where you are told that you can get
hold of anyone's password by using a backdoor or exploit in a server,
whereby you send an email to a specified address with the victim's ID
as the subject line (or what have you) and then include your own username
and password. This is total idiocy and should just be ignored.
The come on/friendly chat/plea for help - In this case the person
starts talking to you for one of the three reasons stated. They will try
to come on to you, or be friendly with you, or say they need help.
But at some point in the conversation they will bring the subject
around to things like your date of birth, your zip/post code, your
mother's maiden name etc. What they are trying to do is get the
information required to access your account using the password
recovery feature, which asks for exactly that information.
The Fake Login Screen - This usually looks like the real thing (believe
me, I've seen some that are just ridiculously obvious) but actually sends
your username and password to the person via email or saves them to a
file for them to retrieve later.
Right, so let's discuss the fake login pages then, since that's what this
page is about. Most fake logins are easy to spot: just look at the URL,
that's the http:// bit you get in the address bar. If it's a real Yahoo!
login page the URL will start with http:// or https:// and then it could
be any or none of the following: login.yahoo.com, mail.yahoo.com,
edit.yahoo.com. So the start of the address could be
http://login.yahoo.com. There are too many variations for me to list
here, but all you have to check is that the bit after the :// and before
the next / says yahoo followed by a domain such as .com, .co.uk, .co.jp, .ca,
.co.kr, etc. Most fake logins use a free host such as Geocities,
so the URL will say www.geocities.com or www.angelfire.com and not
yahoo.

Now some of these fake logins are getting clever. They use a URL like
http://login.yahoo.com/edit?src=1&warned=1@www.realaddress.com/.
Now the start of this URL looks correct, but what they are doing is
using the @ symbol. The @ symbol is used when a site requires a
username, and is used as
http://USERNAME:PASSWORD@www.realsite.com. The part before the
@ will be ignored by most servers, and they use this fact to disguise
the real URL from you. If you come across a fake login page, report it
to the site's host and it will usually be removed within 24 hours.
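The address-bar check described above, written out as a small Python checker. This is an added example, not code from the original page: it applies the page's rule (the host is the text between :// and the next /, and anything before an @ in that text is USERNAME:PASSWORD rather than the host), and additionally flags a URL as "disguised" whenever a sloppier parser that takes everything after the last @ would land on a different host than a strict one. The domain list and the sample URLs are constructed from the names on the page.

```python
import re

# Hosts the page lists as legitimate Yahoo! login domains (extend as needed).
YAHOO_SUFFIXES = ("yahoo.com", "yahoo.co.uk", "yahoo.co.jp", "yahoo.ca", "yahoo.co.kr")

def strict_host(url):
    """The page's rule: the host is the text after '://' and before the next '/',
    and anything before an '@' in that text is USERNAME:PASSWORD, not the host."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#]*)", url, re.IGNORECASE)
    if not m:
        return ""                          # no scheme://authority at all
    host = m.group(1).rsplit("@", 1)[-1]   # drop userinfo before the last '@'
    return host.split(":", 1)[0].lower()   # drop any :port

def lenient_host(url):
    """What a sloppy parser may see: whatever follows the LAST '@' anywhere in
    the URL, up to the next '/'. Used only to detect the '@' disguise."""
    rest = url.split("://", 1)[-1]
    if "@" in rest:
        rest = rest.rsplit("@", 1)[-1]
    return rest.split("/", 1)[0].split(":", 1)[0].lower()

def is_yahoo_host(host):
    """True only for yahoo.<tld> or a subdomain of it; both
    'login.yahoo.com.evil.example' and 'notyahoo.com' must fail."""
    return any(host == s or host.endswith("." + s) for s in YAHOO_SUFFIXES)

def check_login_url(url):
    """Return (verdict, host) where verdict is 'ok', 'fake' or 'disguised'."""
    strict, lenient = strict_host(url), lenient_host(url)
    if not strict:
        return ("fake", "")
    if "@" in url.split("://", 1)[-1] and strict != lenient:
        # Two parsers see two different hosts: report the one the '@' hides.
        # Deliberately conservative: a login URL has no business carrying an '@'.
        return ("disguised", lenient)
    return ("ok" if is_yahoo_host(strict) else "fake", strict)

if __name__ == "__main__":
    # Constructed sample URLs using the host names mentioned on the page.
    for u in ("http://login.yahoo.com/config/login",
              "http://www.geocities.com/someone/yahoo/login.html",
              "http://login.yahoo.com@www.angelfire.com/login/",
              "http://login.yahoo.com/edit?src=1&warned=1@www.realaddress.com/"):
        print(check_login_url(u), u)
```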

I must add at this point that a recent Internet Explorer patch removed
support for
http://login.yahoo.com/edit?src=1&warned=1@www.realaddress.com/
style URLs, which, while being a good thing regarding fake logins, has
caused problems for many companies that use this type of URL to log
you in.

For more information on this subject try this page:
http://www.helpbytes.co.uk/fake_login.php

Taken from www.carbonize.co.uk (Thanks Carbonize!)
