smtp relay check
mailserver:
e-mail:
more info
translate to ...
language:
 
[1] . [2] . [3] . [4] . [5] . [6] . [7] . [8]
EyeonSecurity
Nekromantic
EyeonSecurity Forums
Ob5cureDotCom
elfqrin swg help net security
frame4 security hacker gurus computerglitch
gotr00t b0iler hackinthebox
nekromantic.com astalavista.net wand products
security-protocols
adv-knowledge rootshell wbglinks
security.nnov.ru
 
Copyright © 2001,2002 eyeonsecurity Inc., All Rights Reserved. No portions of eyeonsecurity may be used without express, written permission
 

Microsoft Passport Account Hijack Attack

An analysis of one attack on Microsoft (now .NET) Passport - Cross Site scripting. This document describes an obvious flaw in the security of this system and how an attacker can proceed to exploit such a flaw to gain access to other user's accounts. This paper covers the following points:
-
- An introduction to Web Applications and the underlying authentication schemes and concepts
- Description of the idea behind Microsoft Passport
- How Microsoft Passport actually works and how to use that knowledge to gain unauthorised access.
  How to go about exploiting Cross site scripting
- Bypassing countermeasures for Cross site scripting
- An actual exploit scenario

Download Paper (need pdf view eg. acrobat reader)
View online version
Old version (online)