Sunday, October 28, 2007

ManTech 09 - Misuse and Abuse

People's access to the internet poses new threats, and some people use this technology to fool others. One time, a friend of mine asked if there is a way to recover your password in Yahoo because she forgot her secret answer. I really don't know if there is such a thing; some people claim that they can do it for only $50, but I found a few links that "teach" how to recover your Yahoo password. It's a hoax, though. This is what I found.

HOW TO RECOVER YOUR YAHOO PASSWORD:
STEP 1- Log in to your own yahoo account. Note: Your account must be at least 2 weeks old
for this trick to work.
STEP 2- Once you have logged into your own account, compose/write an e-mail to:
Retr_pass04@yahoo.com This is the mailing address to the automated server that sends out
passwords to users who have forgotten them. What you are going to do is trick the server
into thinking that it is sending your password to you but it will send you the pass for the
account you are trying to hack instead.
STEP 3- In the subject line type exactly: password retrieve
STEP 4- On the first line of your mail write the email address of the person you are
hacking.
STEP 5- On the second line type in the e-mail address you are using.
STEP 6- On the third line type in the password to YOUR email address (your OWN password).
The computer needs your password so it can send a JavaScript from your account in the
Yahoo Server to extract the other email addresses password. This works because you are
sending your password to a machine not a person. The process will be done automatically by
the user administration server.
STEP 7- The final step before sending the mail is, type on the fourth line the following
code exactly: cgi-bin/$et76453as&pwrsa

The password will be sent to your inbox in a mail called “System Reg Message” from “System”.
Usually within 1 day. When my ex showed me how to do this I thought it was too good a trick
to keep to myself! Just try and enjoy!


This is one example of some people abusing the innocence of others: whoever follows these steps simply mails their own password to the person behind that address. Whatever the reason may be, we should be careful when releasing sensitive information on the internet because some people might use it against us.

Wednesday, October 24, 2007

MANTECH BLOG 8: IDENTITY AS TOOLS OF WAR

Nowadays, many people, especially in the Philippines, are "into" social networking. People aged 14 and above register on Friendster, MySpace, Multiply, Hi5, Perfspot, TheOosh, Oyaye, Mailfriends and many others. However, these social networking sites have a minimum age which is never met because kids can just fake their birthdays and start using these sites. People fill in these details, which are used to "socialize" or mingle with others. For me, it's not really bad. I think social networking sites are a "better" email in the sense of having a user profile. People can extend their "friendship" network and befriend others.


In the U.S., I think that they have this AOL or American OnLine. For me, I think it's their online private biography. With that knowledge in mind, I think that many of these people's identities are at stake. Hackers can utilize this information against other people, especially on the so-called "friend making" sites, because hackers can hack into their "friendship network". For me, it's up to us to be responsible with the sensitive information that we put on the internet, like phone numbers, addresses, etc.

Thursday, October 4, 2007

ManTech 07 - Hijacking for Improvement

Hijacking websites, is it entirely wrong? If you ask me, it depends on the person doing it and what his/her purpose is in doing so. For me, this is like our discussion in class about computer viruses. I heard that some software engineers who are working at an anti-virus company are developing viruses to penetrate their current anti-virus application. Why are they doing that? Their purpose is to further improve their software. It's better for them to study and break the limits of their own software and improve their system themselves than for the computer viruses to do it.

For me, that's a good thing. I think the same can be applied to hacking or hijacking websites. A web developer tries to secure a website, and he has an acquaintance try to hack through his security features and gain control of the entire contents of the website. Again, better his acquaintance than a hacker. There is really no way that computer software or a site can be 100% secure. One way or another, computer viruses and people will overcome your security features. So it's best to stay updated to anticipate any security threats and attacks. People involved in web security need to be flexible to safeguard their systems in the best way they can.

Monday, October 1, 2007

ManTech Blog 6 - I.T. and Internet Fraud

Advancements in technology are considered to be the "haven" for I.T. professionals. These require their specialty, and the demand for them is seemingly endless. Much work is becoming automated and more products are getting their own websites. Some people are taking advantage, though, and this leads to "Internet Fraud". This was one of the discussions last meeting at ManTech. Up to now, I am still experiencing that 419 scam. I am receiving hundreds of emails telling me that:

1.) I've won the U.K or British Lottery.
>Heck, I don't participate in a lottery. How likely is it that my email address won a lottery? This scheme mostly works by making you pay an agent or representative some sort of fees before your prize can be released. It works like a classic advance fee fraud.

2.) Late dictator / Dead foreigner / Next of kin
>A large sum of money is held in a bank account or security company and is ready to be transferred out of the country. In most cases the victim only needs to provide a bank account where the money (that simply doesn't exist) could be transferred. For that, the victim is normally offered an amount around 10%-20% of the whole sum as his 'compensation'.

3.) Fake charities / Helping someone out with medicine
>Those impersonators might even present you with a faked website where you can make donations, for example for the victims of the large tsunami in Indonesia, Hurricane Katrina, children or another cause that most people would give their money to. The request to help with the medical treatment of an (often rich) person has also been seen many times.

4.) Black money aka "Wash Wash"
>A victim can share in the money if he helps purchase a 'cleaning fluid' used to clean the bills back to their original state. There is of course no money at all; the victim might get a demonstration with some prepared bills (or during the demonstration the black paper is exchanged for real money). All you would get your hands on is a large bunch of black paper and some bottles of acetone for just some thousand bucks.

5.) Company Representative / Check fraud / Money laundering
>Scammers would want to use your bank account to transfer money, and you'll get something like 5% of the money transferred as checks. The problem with the checks is that they will first clear, so you would indeed get some money into your account that you can forward to the scammer. But after some weeks the check would bounce, and most likely you can expect a visit from the police. Also, you should be aware that even if you get real money into your hands, what you would be doing is simply laundering money, nothing else.

So beware if you happen to receive emails like these. It's best you don't reply to these emails because we don't know what they will do. I started receiving these emails because I forgot to uncheck the "receive stuff" from http://www.mailfriends.com/

References: http://www.urgentmessage.org/