[Dshield] seems like a flaw in a yahoo url

Johannes B. Ullrich jullrich at sans.org
Fri Apr 23 13:29:34 GMT 2004

> At the time It looked like somone trying to take over yahoo accounts. they
> were trying lots of different usernames but the same password

This is a very common technique, and somewhat hard to prevent. 
Most login systems will block an account, if you attempt a bad
password more then n times. However, if you don't care which
account you are going to crack, you just use a commonly used
password, and try different userids. 

The only way to block this is to track login attempts by origin
IP, which is tricky as for example large ISPs may use proxies.

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040423/46b589e3/attachment.bin

More information about the list mailing list