About Raj

Hacking at VSNL

Introduction: Guidelines which will safeguard your system
Cracker/Hacker controls a user's system by sending a file through ICQ
Social Hacking
Hacking the computer system by the use of cookies
Chat with a VSNL Cracker

VSNL Alert!: Hacking at VSNL
Social Hacking

by Raj Mehta, Bruce Gingery and Peter Doshi

Date: Fri, 23 Oct 1998 17:44:10 -0500
Message-Id: <199810232244.RAA05636@www.vsnl.net.in>
To:i4u@bom2.vsnl.net.in, pdoshi01@student.vill.edu
From: elided@elided.vsnl.net.in
Subject:WWW Form Submission

while surfing the net today, we have been randomly redirected to some other totally unrelated addresses. there was a small pop-up window which came up flashing that "your password is being misused. please change it." after having changed the same, we got the same pop-up window, flashing our new password. please advise.


Bruce Gingery's Reply:
On 23 Oct, Dr. Raj Mehta wrote:
Dear Mr. elided,

Your comments really worry me. I knew what you say is possible by many ways a hacker can listen to your keystrokes.

Dr. Raj,
The message you quoted here has a typical example of ``social hacking''. This has been RAMPANT on AOL.com, and is often found other places, as well. It may or may not have software on the person's own machine backing it up. This would be one way that one might use an invasion trojan similar to Back Orifice, where (e.g. Windows 3.1) less facilities are available to the invasive program than is provided by Windows95/98 or NT.

My suspicion is that some one was listening to your keystrokes and send you a message that you should change the password and the new password he could listen to. I am very concerned about this.

This is the reason, also, that Active-X plugins and Active-Desktop are such dangerous technologies. Java does not (if properly implemented) allow this quite the same way, and Tcl via the Tcl plugin, even less so.

Please as a precaution log on to your shell account via dialing up to shell and change the password again. And monitor your account usage. If it goes up abnormally contact Internet Helpdesk and talk to Mr. G. P. Singh.

Good choice. If there is no interface matching that which was described, you want to also find out, for example, a URL that was being viewed when this message appeared.

See are many programs which are floating around and many browsers have security holes.


Please do keep in touch.

-} >comments: dear sirs,
-} >
-} >while surfing the net today, we have been
-} >randomly redirected to some other totally
-} >unrelated addresses. there was a small
-} >pop-up window which came up flashing that
-} >"your password is being misused. please
-} >change it." after having changed the same,
-} >we got the same pop-up window, flashing our
-} >new password. please advise.
This could be any one of quite a few technologies, but is LIKELY something on their own machine. Note that Mozilla 3 is known to have some holes, but is the latest version that will work with Win3.1, as I recall. It appears (below) that elided was using Windows95, with a quite old version of Netscape. If their hardware is strong enough (speed and RAM) it would likely be advisable to upgrade to v4.06 or later.

It almost certainly is _not_ Back Orifice, as BO could both fetch and change the password itself. It may be something as simple as a JavaScript pop-up on a web page, or bad script in something like mIRC or a gaming client.


Copyright © 1996, 1997, 1998 Dr. Raj Mehta. All rights reserved.