From hacker@mitchell.demon.nl Mon Mar 02 20:09:04 1998
Newsgroups: alt.hacking
Subject: Hotmail Hack info !
From: Terry Mitchell <hacker@mitchell.demon.nl>
Date: Mon, 02 Mar 1998 12:09:04 -0800

HOTMAIL HACKING INFO.


I_1_I  - Brute force hacking
a. Use telnet to connect to port 110 (Hotmail´s pop-server)
b. Type USER and then the victim´s username
c. Type PASS and then the guess a password
d. Repeat that until U have found the correct password.
!. This is called brute force hacking and requires patience.
It´s better than trying to guess the victims password on
hotmail homepage only because it´s faster.
____
I_2_I  - The Best way
a. Get the username of the victim (It usually stands in the adress-field
)
b. Then type " www.hotmail.com/cgi-bin/start/victimsusername "
c. U´re in!
!. This hack only work if U are on the same network or computer as the
victim and if he don´t log out.
____
I_3_I  - The old way
a. Go to http://www.hotmail/proxy.html
b. Now type the victims username. (press login)
c. Look at the source code.
d. On the fifth row U should find "action=someadress"
e. Copy that adress and paste it into the adress-field
f. You are in...
!. As you can see it´s a long procedure and the victim have
plenty of time to log out.
____
I_4_I  - Another...
a. Go to hotmail´s homepage
b. Copy the source code.
c. Make a new html file with the same code but change method=post to
method=enter
d. "view" the page
e. Change the adress to www.hotmail.com/ (don´t press enter!)
f. Make the victim type in his username and password
g. Look in the adress-field. There you´ll see ...&password:something...
!. This is the way I use, because it lets you know the password.
(If he exits the browser U can see the password in the History folder!)

READ!
Hotmail´s sysops have changed the "system" so that the victim may log
out even
if U are inside his/her account. So don´t waste U´r time!

---

So you want to get some hotmail passwords?
This is pretty easy to do once you have got the hang of it.
If you are a beginner, I wouldn't make this your first attempt at
hacking.  When you need to do is use a port surfer and surf over to
port 80.  While there, you have to try and mail the user that you
want the password from.  It is best to mail them using the words
"We" and "Here at Hotmail..."  Most suckers fall for this and end
up giving out their password.  There is another way to also, you can
get an anon mailer, and forge the addres as staff@hotmail.com.  But
you have to change the reply address to go to a different addres
like user@host.com.  The person that you are trying to get the pass
from MUST respond to that letter for the mail to be forwarded to you.
Have text like "Please reply to this letter with the subject "PASSWORD"
and underneith please include your user name and password.
If you have trouble Loging in withing the next few days, this is
only because we are updating our mail servers but no need to worry,
your mail will still be there.  Even though the server may be down
for an hour.  From the staff at Hotmail, Thank You."

10 Fast and Free Security Enhancements
PC magazine.

Before you spend a dime on security, there are many precautions you can take that will protect you against the most common threats.

1. Check Windows Update and Office Update regularly (_http://office.microsoft.com/productupdates); have your Office CD ready. Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a personal firewall. Both SyGate (_www.sygate.com) and ZoneAlarm (_www.zonelabs.com) offer free versions.


3. Install a free spyware blocker. Our Editors' Choice ("Spyware," April 22) was SpyBot Search & Destroy (_http://security.kolla.de). SpyBot is also paranoid and ruthless in hunting out tracking cookies.

4. Block pop-up spam messages in Windows NT, 2000, or XP by disabling the Windows Messenger service (this is unrelated to the instant messaging program). Open Control Panel | Administrative Tools | Services and you'll see Messenger. Right-click and go to Properties. Set Start-up Type to Disabled and press the Stop button. Bye-bye, spam pop-ups! Any good firewall will also stop them.

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro@l. This will make it much harder for anyone to gain access to your accounts.

6. If you're using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Buy antivirus software and keep it up to date. If you're not willing to pay, try Grisoft AVG Free Edition (Grisoft Inc., w*w.grisoft.com). And doublecheck your AV with the free, online-only scanners available at w*w.pandasoftware.com/activescan and _http://housecall.trendmicro.com.

8. If you have a wireless network, turn on the security features: Use MAC filtering, turn off SSID broadcast, and even use WEP with the biggest key you can get. For more, check out our wireless section or see the expanded coverage in Your Unwired World in our next issue.

9. Join a respectable e-mail security list, such as the one found at our own Security Supersite at _http://security.ziffdavis.com, so that you learn about emerging threats quickly and can take proper precautions.

10. Be skeptical of things on the Internet. Don't assume that e-mail "From:" a particular person is actually from that person until you have further reason to believe it's that person. Don't assume that an attachment is what it says it is. Don't give out your password to anyone, even if that person claims to be from "support."