Myspace Security Announcement

---

As I’m sure I’ve made clear before, I don’t like Myspace all that much. I check my account about once a month. Don’t get me wrong; there are a lot of cool people there and (I suppose) it’s awesome for networking. But of course, many users are ignorant of the inherent risks of using Myspace (or any other social networking site). This is an announcement from one of my readers, JasonFM, on the issues of phishing, viruses, and other icky security-related issues:

—-DO NOT REPOST THIS—-

Listen up people. I’m about to make you all smart as hell on Myspace.
As far as security goes, there have been too many instances of people having stolen accounts, passwords, and posts of advertisements sent by the users/account holders automatically without their knowledge. They aren’t sent by you the account holder, they are sent by users other than you via bulletin using your account to post these bulletins. I’m going to uncover how this is done, and how to prevent and/or counteract this problem. I’m going to uncover how to notice spam as well.

Spam

See this?:

Everyone go help myspace and tom out. Vote for which service you like the best and you will get a complimintary $500! This is an awesome deal and I suggest everyone doing it!
Vote Now!!

$500 says it’s bullshit.

Click that link, send them your email address, and you can bet your ass they will send a TON of surveys and advertisements to your email inbox. Not your myspace email, but your hotmail…yahoo…aol…etc.

This Is Spam and they all should rot in hell.

What happens is when you go to this so called “voting site” they just want your email address. Forget about the vote cause they can care less. As you can see with this site, you can’t make any selection as to “which service you like the most” because it’s all one big popup. So, you put in your email address, they ask you a ton of questions like you’re going to receive money for it, and it never ever ends unless you subscribe to a boatload of third party companies (blockbuster, amazon, credit card companies, college signups, and anything else that will bill you every month or have pay off or things that can be sent to your email and wonder why later). You won’t get your “new ipod” or “new cell phone” until you reach a quota. God knows when because that quota is ENDLESS. If you read things like “promotion, or participation required, survey group, etc.” on sites like these it’s all bullshit marketing. They send your email address to a ton of these companies, and spam your inbox.

So now, you’re stuck with survey groups sending LOADS of new surveys, and advertisements filling up your inbox every day, and if I didn’t tell you this, you would wonder why and where spam comes from ;)

Subscriptions and simply sending your email to marketing companies like this one. =)

And all they will say is that “it was your choice”.

Next. Stolen information?
You only have to log into Myspace ONCE per session. If you ever click a link from a bulletin and get asked to relog into myspace ever….and put your email and password into those fields, you’re asking to get your password stolen, and end up having your account remotely posting bulletins that you have NOT posted yourself. Unless your myspace account has been open/active and sitting idle for hours, you should never have to relogin to myspace to view any pages! period!

This is happening WAY too often to people.

This technique to steal passwords is called phishing (pronounced as it looks-fishing) and to all you script kiddies who think this is funny, you can go suck a pole!
This tells you more about it from Wikipedia. http://en.wikipedia.org/wiki/Phishing

Example:

If you do not know the terms used in this section, and got spare time, use Google to look them up and update your knowledge.

Let’s say I set up an Apache daemon to run an http server to host HTML pages (ex. websites/whatever). I copy the login page from myspace, and make it an exact replica and host it on my server. I set up DNS (Domain Name System) registration to change my web address from IP number to a name, and then I put the link to my server into a bulletin. I make the link say “view my sexy webcam, or my hot ass. click this link.” If you click that link, it sends you straight to the fake login page I created making you think “hm, I just been disconnected, I’ll re-log in”. You put your email and password into the page….click login. At this point… your information is then given to me.

I can then send spam to your friends list by posting bulletins, delete shit from your page, change account settings, read your email if I wanted to… the list goes on and on. In most spam cases, advertisers develop a script to just automatically sign in with your email and password, and send a bulletin. (I think…but regardless, anything can happen remotely)

Counteraction

If this has ever happened to you before on Myspace, you need to immediately change your password.

To prevent this:

DO WHAT TOM SAYS!

MAKE SURE YOUR ADDRESS PANEL AT THE TOP IN YOUR BROWSER (either Internet Explorer/Mozilla) SAYS THIS BEFORE YOU LOG IN.

http://login.myspace.com/ ….and etc.

…because login.myspace.com is registered to Myspace’s domain name only, and it cannot be stolen or used by anyone else on the net.

Also…

You see the bottom of your browser? (Internet Explorer/Mozilla).

Notice that bar that says transferring and so forth. Since any url can be masked as a link with letters and sentences, people don’t pay any attention to that bar before they click links. It’s 99.9% the reason why people get phished or get sent viruses/backdoors through emails or browsers like this. It’s simple stupid, and it’s why that status bar is there. I’m going to show you how to use this.

Example:

Hover your mouse over top of any link you find on the web, and look at that status bar. It should read exactly what site it will go to, and where you go to before you click any link/urls.
Hover your mouse over this link DJ Sandra Collins and look at your status bar on the bottom of this window.
It should say http://www.sandracollins.com

Right? That’s Sandra Collins Official Website. ;)

Now…

If that link were to be this (another example):

http://www.somehost.com/filenamehere.exe

Where “somehost” would be the domain name of the site.
filenamehere.exe would be the file or filename.
This is when you question yourself why this person is hosting an EXE. Did I request it?
This goes back to the old saying…. “Unless you know what you’re downloading, trust nothing else”

Now if its extension was to be .html or .php, it’s considered a page somewhere on the site (server). Which can be ok.

EXEs on the other hand can be sent as backdoors/downloader trojans/rootkit extractors/spyware…the list goes on. Unless you know for sure that what you requested is what’s expected to be downloaded, you can’t be too safe.

So please!! Keep a close eye on what you click and/or goto. It will save ya a shitload of stress.

Make sure the links/urls are to a legit site before you send any information to them.

Hope this helps….for the second time around. Surf safe.

Out.

—DO NOT REPOST THIS—
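
The checks described in the announcement above (the real login host, where a link actually goes, and whether it points at an EXE), as an added example that is not part of the original post. The function names, the extension list and the lookalike host on example.net are assumptions constructed for illustration.

```javascript
// Added example: constructed sample links, not code from the original post.
const TRUSTED_DOMAIN = "myspace.com"; // domain named in the announcement
const RISKY_EXTENSIONS = [".exe", ".scr", ".bat", ".pif", ".msi"]; // assumed list

// True only when the host IS the trusted domain or a subdomain of it.
// "login.myspace.com.example.net" fails: it merely contains the name.
function isTrustedHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  return host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
}

// Return the warnings a reader should notice when hovering over a link.
function inspectLink(linkText, href) {
  const warnings = [];
  let url;
  try {
    url = new URL(href);
  } catch {
    return ["href is not a valid absolute URL"];
  }
  const host = url.hostname;
  // 1. Link text that looks like a host name but points somewhere else
  //    (heuristic: any dotted word in the text is treated as a host).
  const shown = linkText.match(/(?:https?:\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)/i);
  if (shown && shown[1].toLowerCase() !== host) {
    warnings.push(`text shows ${shown[1]} but link goes to ${host}`);
  }
  // 2. Link mentions Myspace yet the host is not on Myspace's domain.
  if (/myspace/i.test(linkText + " " + host) && !isTrustedHost(host)) {
    warnings.push(`${host} is not on ${TRUSTED_DOMAIN}`);
  }
  // 3. Link is a direct download of an executable.
  const path = url.pathname.toLowerCase();
  if (RISKY_EXTENSIONS.some((ext) => path.endsWith(ext))) {
    warnings.push("link downloads an executable file");
  }
  return warnings;
}

// Constructed samples; the first and last URLs are the ones used in the post.
const samples = [
  ["DJ Sandra Collins", "http://www.sandracollins.com"],
  ["Log in to Myspace", "http://login.myspace.com/"],
  ["Log in to Myspace", "http://login.myspace.com.example.net/index.html"],
  ["www.sandracollins.com", "http://www.somehost.com/filenamehere.exe"],
];
for (const [text, href] of samples) {
  console.log(href, "->", inspectLink(text, href));
}
```

The host comparison is done on the parsed hostname, not on the raw string, which is why a name that only starts with `login.myspace.com` is still rejected.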
