Password Hacking
Stealing (phishing) passwords to web-based email accounts is simple
Hacking into somebody's web-based email account may be easier than you think, frighteningly trivial in fact. Here's how and why.
What to get from where
If we want to obtain something we need at least a vague idea of what that is and where we can get it.
Let's assume that we want to gain access to a system protected with a password. One way, an elegant way, to get into the system is to obtain the password. So the password is what we want.
Now we need to find out where to get the password from. Let's also assume that the person who issued the password, the password holder, is able to reproduce it if necessary.
How to get it
Under which circumstances will she be willing, eager even, to give away that precious phrase?
Right.
Whenever the password is needed to access the protected system she will issue it without suspicion and actually believing she is doing something right. Of course she will have a more or less precise idea of the environment where it is not only required but also “safe” to enter the password.
Our goal thus is to emulate this environment as exactly as possible.
How it Works
When a Hotmail session has been idle for some time, for example, the user is automatically logged out and upon a request to access her account has to re-login.
If this re-login screen is emulated in an email, what is intended to be a security feature turns into a security risk. You type in the password to log into Hotmail again, but the password is silently sent to the
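A mail-filter check for the emulated re-login screen described above, as an added example that is not part of the original essay: it flags any HTML message body containing a password field and reports the host the form would post to. The sample bodies, the `collector.example` host, the function names and the trusted-domain list are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an HTML mail body imitating a re-login screen.
SAMPLE_LURE = """<html><body><p>Your session timed out. Please sign in again.</p>
<form method="post" action="http://collector.example/login">
<input type="text" name="login"><input type="PASSWORD" name="passwd"/>
<input type="submit" value="Sign in"></form></body></html>"""
# Constructed sample: an ordinary message with no form.
SAMPLE_PLAIN = "<html><body><p>Meeting moved to 3pm.</p></body></html>"

class FormScan(HTMLParser):
    """Records the form action in effect at every password input."""
    def __init__(self):
        super().__init__()
        self.action = None   # action of the currently open <form>, if any
        self.hits = []       # one entry per password field seen

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            # A password field outside any <form> is recorded with no action.
            self.hits.append(self.action or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def credential_forms(html_body, trusted_domains):
    """Return (action_host, trusted) for each password field in a mail body."""
    scan = FormScan()
    scan.feed(html_body)
    scan.close()
    found = []
    for action in scan.hits:
        host = urlparse(action).hostname or ""
        trusted = any(host == d or host.endswith("." + d) for d in trusted_domains)
        found.append((host, trusted))
    return found

def verdict(html_body, trusted_domains):
    """'pass' with no password field, 'block' if any posts off-domain, else 'review'."""
    found = credential_forms(html_body, trusted_domains)
    if not found:
        return "pass"
    return "block" if any(not ok for _, ok in found) else "review"

if __name__ == "__main__":
    for body in (SAMPLE_LURE, SAMPLE_PLAIN):
        print(verdict(body, ["hotmail.com"]), credential_forms(body, ["hotmail.com"]))
```

Even a form that posts to a trusted domain is returned as "review" rather than "pass", since a legitimate provider has little reason to collect a password inside a message body.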