[Dshield] seems like a flaw in a yahoo url
Johannes B. Ullrich
jullrich at sans.org
Fri Apr 23 13:29:34 GMT 2004
> At the time it looked like someone trying to take over yahoo accounts. They
> were trying lots of different usernames but the same password
This is a very common technique, and somewhat hard to prevent.
Most login systems will block an account if you attempt a bad
password more than n times. However, if you don't care which
account you are going to crack, you just use a commonly used
password, and try different userids.
The only way to block this is to track login attempts by origin
IP, which is tricky as for example large ISPs may use proxies.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
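
An added example, not part of the original message: a sketch of the per-origin-IP tracking described above, run over constructed login events. It shows why a per-account lockout counter never fires on this pattern while a count of distinct usernames per source IP does. The function name, thresholds and event format are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, login succeeded)
SPRAY = [(f"2004-04-23T13:0{i}:00", "192.0.2.10", f"user{i}", False)
         for i in range(6)]                      # one guess each at 6 accounts
TYPO = [(f"2004-04-23T13:1{i}:00", "198.51.100.7", "bob", False)
        for i in range(3)]                       # one user mistyping 3 times
PROXY = [(f"2004-04-23T13:2{i}:00", "203.0.113.5", u, False)
         for i, u in enumerate(["carol", "dave", "erin"])]  # shared ISP proxy
SAMPLE_EVENTS = SPRAY + TYPO + PROXY


def detect(events, window=timedelta(minutes=10), max_users_per_ip=5, lockout_n=3):
    """Return (flagged_ips, locked_accounts) for a list of login events.

    locked_accounts models the classic "n bad passwords" lockout.
    flagged_ips holds sources that failed against max_users_per_ip or more
    distinct usernames inside the sliding window. The threshold is set
    above 1 so that a proxy shared by a few users is not flagged (assumed
    values; tune against real traffic).
    """
    failures_by_ip = defaultdict(deque)   # ip -> deque of (time, username)
    failures_by_account = defaultdict(int)
    flagged, locked = set(), set()
    for ts, ip, user, ok in sorted(events):
        now = datetime.fromisoformat(ts)
        if ok:
            failures_by_account[user] = 0  # success resets the account counter
            continue
        failures_by_account[user] += 1
        if failures_by_account[user] >= lockout_n:
            locked.add(user)
        recent = failures_by_ip[ip]
        recent.append((now, user))
        while recent and now - recent[0][0] > window:
            recent.popleft()               # drop failures older than the window
        if len({u for _, u in recent}) >= max_users_per_ip:
            flagged.add(ip)
    return flagged, locked


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```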