Pragma Posted November 2, 2006 Share Posted November 2, 2006 I've recently created a profile at myspace.com and noticed usernames and passwordsa are transmitted in clear text. Is there any way to conceal or encrypt my credentials from possible sniffers? Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 2, 2006 Share Posted November 2, 2006 Nope: wget https://myspace.com/ --00:53:11-- https://myspace.com/ => `index.html' Resolving myspace.com... 216.178.32.50, 216.178.32.48, 216.178.32.52, ... Connecting to myspace.com|216.178.32.50|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.48|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.52|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.137|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.49|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.51|:443... failed: Connection refused. Quote Link to comment Share on other sites More sharing options...
VaKo Posted November 2, 2006 Share Posted November 2, 2006 Reason #3543 not to use myspace lol... Welcome to the forums mate. Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 2, 2006 Share Posted November 2, 2006 (New post to make clarity understood) You could VPN out to a remote computer (i.e. Proxy server), the user name and password (along with every thing else) would be completely unreadable, but that only lasts until the connection leaves the remote host. So while some one sniffing your connection won't be able to see it, any one sniffing your remote hosts connection will. Quote Link to comment Share on other sites More sharing options...
Pragma Posted November 2, 2006 Author Share Posted November 2, 2006 Very interesting! Not exactly practical though. I need to do more research on this but I wonder if it's possible to wrap the packets up in some sort of encryption for transmission then unencrypt itself once it senses the syn/ack during the 3 way handshake with the server. (New post to make clarity understood)You could VPN out to a remote computer (i.e. Proxy server), the user name and password (along with every thing else) would be completely unreadable, but that only lasts until the connection leaves the remote host. So while some one sniffing your connection won't be able to see it, any one sniffing your remote hosts connection will. Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 2, 2006 Share Posted November 2, 2006 I need to do more research on this but I wonder if it's possible to wrap the packets up in some sort of encryption for transmission then unencrypt itself once it senses the syn/ack during the 3 way handshake with the server. No... for he connection to be encrypted the server has to initiate the encryption. If you send a web server encrypted http packets, the server will egnor them and posably flag them as possible hack attempt. Clearly the owners of myspace don't like there users enough to give them the option of an encrypted connection, even if it's just for the login process. Really encryption should be used the whole time you are logged in, other wise you are open to a cookie thief. This is why Darren should create a certificate him self and get Dreamhost to put it on this server ;) Quote Link to comment Share on other sites More sharing options...
moonlit Posted November 2, 2006 Share Posted November 2, 2006 How many MySpace users know what encryption is? How many would know how to use it? How many care? Quote Link to comment Share on other sites More sharing options...
take it take Posted November 2, 2006 Share Posted November 2, 2006 Why is moonlit so condescending? Quote Link to comment Share on other sites More sharing options...
moonlit Posted November 2, 2006 Share Posted November 2, 2006 I was replying to Sparda. Besides, how many would? I know it's popular opinion that most people on MySpace are dumbasses, I won't give an opinion on that but idiots or otherwise they still might not know or care about encryption. Edit: I've heard plenty of stories of people putting private info on MySpace saying "oh, I haven't got any personal info on the net, I only put it on myspace"... d'you think these people care about encryption? Granted, that's not the only people that use MySpace but those people would certainly not care about encryption. Quote Link to comment Share on other sites More sharing options...
take it take Posted November 2, 2006 Share Posted November 2, 2006 I was replying to Sparda.Besides, how many would? I know it's popular opinion that most people on MySpace are dumbasses, I won't give an opinion on that but idiots or otherwise they still might not know or care about encryption. Yeah dude, let's all make sweeping generalizations of everyone. :roll: Quote Link to comment Share on other sites More sharing options...
moonlit Posted November 2, 2006 Share Posted November 2, 2006 but idiots or otherwise they still might not know or care about encryption. MIGHT not. I didn't say that everyone on MySpace is a braindead fuckwit, I just said that I personally don't know how many care. How many people have you heard complaining that MySpace isn't secure enough? Sure, some will but most people don't want the technical details. They want MySpace to load, they don't care if this info is encrypted or not. Quote Link to comment Share on other sites More sharing options...
take it take Posted November 2, 2006 Share Posted November 2, 2006 "I know it's popular opinion that most people on MySpace are dumbasses" is quite a generalization, regardless if you think so or if the "popular opinion" thinks so. Quote Link to comment Share on other sites More sharing options...
moonlit Posted November 2, 2006 Share Posted November 2, 2006 Now you're nit-picking... if you'd bothered trying to walk past that opportunity to start a flame war here you'd have realised what I actually meant: There are MySpace users who; Have no idea whatsoever about anything, Are intelligent but don't necessarily follow internet security, Are intelligent but do follow internet security but don't care, Are intelligent, follow internet security and want their passwords encrypted. Now, where do people think most MySpace users fall in that list? Bear in mind that only 1/4 of the catergories in this list account for the people who would require the answer this post is here to get. There are enough people yelling "mY$p4C3 5uXX0rZ!!" to be able to guage the general opinion of people here about the service. I know this does not account for everybody but come on, there's no need to start mudslinging over this. Quote Link to comment Share on other sites More sharing options...
take it take Posted November 2, 2006 Share Posted November 2, 2006 Now you're nit-picking... if you'd bothered trying to walk past that opportunity to start a flame war here you'd have realised what I actually meant:There are MySpace users who; Have no idea whatsoever about anything, Are intelligent but don't necessarily follow internet security, Are intelligent but do follow internet security but don't care, Are intelligent, follow internet security and want their passwords encrypted. Now, where do people think most MySpace users fall in that list? Bear in mind that only 1/4 of the catergories in this list account for the people who would require the answer this post is here to get. There are enough people yelling "mY$p4C3 5uXX0rZ!!" to be able to guage the general opinion of people here about the service. I know this does not account for everybody but come on, there's no need to start mudslinging over this. Right... and the majority of series of tubes users knows a shitload about encryption and internet security? :roll: Quote Link to comment Share on other sites More sharing options...
Guest Posted November 2, 2006 Share Posted November 2, 2006 the way i see it is myspace =gay, anyone that uses myspace =gay, there for you must be gay :roll: Quote Link to comment Share on other sites More sharing options...
Pragma Posted November 3, 2006 Author Share Posted November 3, 2006 Here's an interesting way to do it from a friend's suggestion; 1. Set up a shell account on a trusted server 2. Download Putty {assuming it's Windoze for you} http://www.chiark.greenend.org.uk/~sgtatham/putty/ 3. Set up a Putty profile that will dynamically forward a given port - let's say localhost:1337, save the session, and open it. 4. Download FoxyProxy, for Firefox: http://foxyproxy.mozdev.org/faq.html 5. Configure FoxyProxy to use a SOCKS 5 proxy for Myspace and whatever other websites you desire. It sounds more complex than it is. 6. Surf. Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 3, 2006 Share Posted November 3, 2006 That's the method I suggested, but as I said, it's only encrypted until it leaves the proxy server. Quote Link to comment Share on other sites More sharing options...
Rab Posted November 3, 2006 Share Posted November 3, 2006 How many MySpace users know what encryption is?How many would know how to use it? How many care? if people cared about anything, myspace would be dead,...for about 3542 reasons.... stupid emos. Quote Link to comment Share on other sites More sharing options...
sadisticsaviorx Posted November 3, 2006 Share Posted November 3, 2006 Theres nothing like giving a chick your myspace instead of your digits. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted November 3, 2006 Share Posted November 3, 2006 .... .... ...... Dude if I asked for a phone number and got a Myspace URL I might have to hurt someone. Quote Link to comment Share on other sites More sharing options...
moonlit Posted November 3, 2006 Share Posted November 3, 2006 Dude if I asked for a phone number and got a Myspace URL I might have to hurt someone. Likewise, that would make we mant to really, really hurt something. Quote Link to comment Share on other sites More sharing options...
DLSS Posted November 3, 2006 Share Posted November 3, 2006 Dude if I asked for a phone number and got a Myspace URL I might have to hurt someone. Likewise, that would make we mant to really, really hurt something. yeah and basically myspace is just the follow up of look n meet (almost as bad ... same principal but a lot older ... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.