Phised

[Mr.Sam]

so was I?

erm other thing is how u can normally tell if it is a fake window?

phishing isn't done with a program like a keylogger, it is simply a copy of the webpage which sends the details to the owner, the easiest way to tell if it is a fake is to check the url.

[msb.]

so was I?

sorry was directed at bef

+ thanks

1 min after so didn't see ya post


ta


Now last question, can sum1 explain wot cookie stealing means?

[GoldenMerc]

If you have noscripts on which is a firefox addon you can't be session stolen

[Jxhn]

sorry was directed at bef

+ thanks

1 min after so didn't see ya post


ta


Now last question, can sum1 explain wot cookie stealing means?

Cookie stealing. On each website you log in on you have a unique cookie to tell the website who you're logged in as. Some sites have simple cookies like "username=john; passw=1234" other sides use sessions such as "PHPSESSID=dhr8848neru09fjijkmm59trjmn4t59". Habbo uses sessions. The javascript: "document.cookie" is used to get this data - typing "javascript:alert(document.cookie)" in the adress bar will show you your cookies for the site you're on. If the website in question has an XSS vulnerability (people can place their own html and javascript code on it) then an attacker can use this to redirect you to a php script which will log the cookie information. They can then use your cookie information to either log in with if the cookies show username and password or they can hijack your session if the website uses cookies like habbo.

I hope this makes it clearer to you.

[vito201-:D]

I cba to read all the posts, the first 4 or so were wrong though :rolleyes:

Phishing has been around before Habbo, you know..

Here are a couple of examples:

- When you create a fake-login like Ebays.com or PayPol.com and create it to look like the site...
you trick people to going on it, they sign in (good phishers will now re-direct to the real site) and big-bang-bosh - you've got thier user details.

- Phishing scams are VERY common in Spam emails such as:
Hey, eBay has lost your users creditcard details in a recent update, please proceed to eBays.com/user_authenticate/Creditcard.php and re-enter your information.

Basically, anything that requires a scam-site of some sort is usually considered phishing...

[Jxhn]

First of all it's called "phishing" not "phising". It is when a 'hacker' tells you to go on a website which is a fake version of another website. If you log in it will send the 'hacker' your login details.

Cookie stealing is a completely different thing and can't be done effectivly without a vulnerability in the website it's targeting, whereas phishing can be done no matter how secure the website is.

I cba to read all the posts, the first 4 or so were wrong though :rolleyes:

Phishing has been around before Habbo, you know..

Here are a couple of examples:

- When you create a fake-login like Ebays.com or PayPol.com and create it to look like the site...
you trick people to going on it, they sign in (good phishers will now re-direct to the real site) and big-bang-bosh - you've got thier user details.

- Phishing scams are VERY common in Spam emails such as:
Hey, eBay has lost your users creditcard details in a recent update, please proceed to eBays.com/user_authenticate/Creditcard.php and re-enter your information.

Basically, anything that requires a scam-site of some sort is usually considered phishing...

How is that wrong? Where did I say that it's just for habbo. btw It's 'PayPal'

[vito201-:D]

How is that wrong? Where did I say that it's just for habbo. btw It's 'PayPal'

No... PayPol.com was an old scam website... as way Ebays.com.

And i swear it didn't say that the first time i read it >_> Pill-comedown bare with me... lol

[Zak]

I go on them and type fake users n passwords.

[msb.]

vito and unhappy
dunno why ur debating each other LOL

ur both actually right :S


thanks very much, my knowledge is improving, brap.

If you have noscripts on which is a firefox addon you can't be session stolen

Cool so firefox, no scripts? so u can get an addon on firefox where it prevents you being hacked?

directed @ unhappy... : So basically the safest way is to check the url pretty much or can people still steal ur cookies by say if u went on a site that isn't safe by mistake, then went on the REAL SITE, can they still change it some how?

[Jxhn]

vito and unhappy
dunno why ur debating each other LOL

ur both actually right :S


thanks very much, my knowledge is improving, brap.



Cool so firefox, no scripts? so u can get an addon on firefox where it prevents you being hacked?

directed @ unhappy... : So basically the safest way is to check the url pretty much or can people still steal ur cookies by say if u went on a site that isn't safe by mistake, then went on the REAL SITE, can they still change it some how?

If you go on a site that has a script to steal your cookies as soon as you go on they get your cookies. It doesn't matter what you do afterwards. The best way to prevent this is to not go on sites you don't trust and if you think a site you went on might have had a cookie stealer then either log out and log back in if you think it stole your cookies from a website that uses sessions or change your password if you thing it stole your cookies from a website that uses the username and password in the cookies. If you don't know then do both. Another way to stop it (which I personally don't like but many other people do) is to use firefox's noscript addon which only executes javascript (needed for cookie stealing) from websites you have told it to.