Printable View
so was I?
phishing isn't done with a program like a keylogger, it is simply a copy of the webpage which sends the details to the owner, the easiest way to tell if it is a fake is to check the url.Quote:
erm other thing is how u can normally tell if it is a fake window?
sorry was directed at befQuote:
Originally Posted by Mr.Sam
+ thanks
1 min after so didn't see ya post
ta
Now last question, can sum1 explain wot cookie stealing means?
If you have noscripts on which is a firefox addon you can't be session stolen :)
Cookie stealing. On each website you log in on you have a unique cookie to tell the website who you're logged in as. Some sites have simple cookies like "username=john; passw=1234" other sides use sessions such as "PHPSESSID=dhr8848neru09fjijkmm59trjmn4t59". Habbo uses sessions. The javascript: "document.cookie" is used to get this data - typing "javascript:alert(document.cookie)" in the adress bar will show you your cookies for the site you're on. If the website in question has an XSS vulnerability (people can place their own html and javascript code on it) then an attacker can use this to redirect you to a php script which will log the cookie information. They can then use your cookie information to either log in with if the cookies show username and password or they can hijack your session if the website uses cookies like habbo.Quote:
Originally Posted by msb.
I hope this makes it clearer to you.
I cba to read all the posts, the first 4 or so were wrong though :rolleyes:
Phishing has been around before Habbo, you know..
Here are a couple of examples:
- When you create a fake-login like Ebays.com or PayPol.com and create it to look like the site...
you trick people to going on it, they sign in (good phishers will now re-direct to the real site) and big-bang-bosh - you've got thier user details.
- Phishing scams are VERY common in Spam emails such as:
Hey, eBay has lost your users creditcard details in a recent update, please proceed to eBays.com/user_authenticate/Creditcard.php and re-enter your information.
Basically, anything that requires a scam-site of some sort is usually considered phishing...
Quote:
Originally Posted by Unhappyness
How is that wrong? Where did I say that it's just for habbo. btw It's 'PayPal'Quote:
Originally Posted by vito201-:D
No... PayPol.com was an old scam website... as way Ebays.com.Quote:
Originally Posted by Unhappyness
And i swear it didn't say that the first time i read it >_> Pill-comedown bare with me... lol
I go on them and type fake users n passwords. :D
vito and unhappy
dunno why ur debating each other LOL
ur both actually right :S
thanks very much, my knowledge is improving, brap.
Cool so firefox, no scripts? so u can get an addon on firefox where it prevents you being hacked?Quote:
Originally Posted by GoldenMerc
directed @ unhappy... : So basically the safest way is to check the url pretty much or can people still steal ur cookies by say if u went on a site that isn't safe by mistake, then went on the REAL SITE, can they still change it some how?
If you go on a site that has a script to steal your cookies as soon as you go on they get your cookies. It doesn't matter what you do afterwards. The best way to prevent this is to not go on sites you don't trust and if you think a site you went on might have had a cookie stealer then either log out and log back in if you think it stole your cookies from a website that uses sessions or change your password if you thing it stole your cookies from a website that uses the username and password in the cookies. If you don't know then do both. Another way to stop it (which I personally don't like but many other people do) is to use firefox's noscript addon which only executes javascript (needed for cookie stealing) from websites you have told it to.Quote:
Originally Posted by msb.