[Chugalug] this ain't kosher:LinkedIn Accused of Hacking Customers' E-Mails To Slurp Up Contacts

Mike Harrison cluon at geeklabs.com
Sat Sep 21 21:27:01 UTC 2013


Demo under construction....


From my Android phone on T-Mobile. The first nationwide 4G network.

-------- Original message --------
From: William Roush <william.roush at roushtech.net> 
Date: 09/21/2013  2:30 PM  (GMT-05:00) 
To: Chattanooga Unix Gnu Android Linux Users Group <chugalug at chugalug.org> 
Subject: Re: [Chugalug] this ain't kosher:LinkedIn Accused of Hacking Customers' E-Mails To Slurp Up Contacts 
 
I'll bite, how DO you gain control of a window you didn't spawn in 
javascript on a modern browser?

I could see it being done with other technologies (ex: java applets?) or 
other exploits (XSS/CSRF), but I'd figure those would seem to be a lot 
easier to detect and we'd have evidence before this even came out.

William Roush

On 9/21/2013 2:03 PM, Mike Harrison wrote:
>> I'd like to know what they mean by that... cross-window, cross-domain 
>> exploits? Aren't those nearly impossible on any modern browser?
>
> Not impossible, but I'm waiting for a better explaination of what 
> really happened. LinkedIn and other social media sites are often 
> confusing to some people, and they click [yes] and enter passwords 
> without thought.
>
> It might be as simple as morons that use the same password for email as
> things like LinkedIn, Facebook..
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

_______________________________________________
Chugalug mailing list
Chugalug at chugalug.org
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130921/9e8e35be/attachment.html>


More information about the Chugalug mailing list