Pragma Posted November 2, 2006 Posted November 2, 2006 I've recently created a profile at myspace.com and noticed usernames and passwordsa are transmitted in clear text. Is there any way to conceal or encrypt my credentials from possible sniffers? Quote
Sparda Posted November 2, 2006 Posted November 2, 2006 Nope: wget https://myspace.com/ --00:53:11-- https://myspace.com/ => `index.html' Resolving myspace.com... 216.178.32.50, 216.178.32.48, 216.178.32.52, ... Connecting to myspace.com|216.178.32.50|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.48|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.52|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.137|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.49|:443... failed: Connection refused. Connecting to myspace.com|216.178.32.51|:443... failed: Connection refused. Quote
VaKo Posted November 2, 2006 Posted November 2, 2006 Reason #3543 not to use myspace lol... Welcome to the forums mate. Quote
Sparda Posted November 2, 2006 Posted November 2, 2006 (New post to make clarity understood) You could VPN out to a remote computer (i.e. Proxy server), the user name and password (along with every thing else) would be completely unreadable, but that only lasts until the connection leaves the remote host. So while some one sniffing your connection won't be able to see it, any one sniffing your remote hosts connection will. Quote
Pragma Posted November 2, 2006 Author Posted November 2, 2006 Very interesting! Not exactly practical though. I need to do more research on this but I wonder if it's possible to wrap the packets up in some sort of encryption for transmission then unencrypt itself once it senses the syn/ack during the 3 way handshake with the server. (New post to make clarity understood)You could VPN out to a remote computer (i.e. Proxy server), the user name and password (along with every thing else) would be completely unreadable, but that only lasts until the connection leaves the remote host. So while some one sniffing your connection won't be able to see it, any one sniffing your remote hosts connection will. Quote
Sparda Posted November 2, 2006 Posted November 2, 2006 I need to do more research on this but I wonder if it's possible to wrap the packets up in some sort of encryption for transmission then unencrypt itself once it senses the syn/ack during the 3 way handshake with the server. No... for he connection to be encrypted the server has to initiate the encryption. If you send a web server encrypted http packets, the server will egnor them and posably flag them as possible hack attempt. Clearly the owners of myspace don't like there users enough to give them the option of an encrypted connection, even if it's just for the login process. Really encryption should be used the whole time you are logged in, other wise you are open to a cookie thief. This is why Darren should create a certificate him self and get Dreamhost to put it on this server ;) Quote
moonlit Posted November 2, 2006 Posted November 2, 2006 How many MySpace users know what encryption is? How many would know how to use it? How many care? Quote
moonlit Posted November 2, 2006 Posted November 2, 2006 I was replying to Sparda. Besides, how many would? I know it's popular opinion that most people on MySpace are dumbasses, I won't give an opinion on that but idiots or otherwise they still might not know or care about encryption. Edit: I've heard plenty of stories of people putting private info on MySpace saying "oh, I haven't got any personal info on the net, I only put it on myspace"... d'you think these people care about encryption? Granted, that's not the only people that use MySpace but those people would certainly not care about encryption. Quote
take it take Posted November 2, 2006 Posted November 2, 2006 I was replying to Sparda.Besides, how many would? I know it's popular opinion that most people on MySpace are dumbasses, I won't give an opinion on that but idiots or otherwise they still might not know or care about encryption. Yeah dude, let's all make sweeping generalizations of everyone. :roll: Quote
moonlit Posted November 2, 2006 Posted November 2, 2006 but idiots or otherwise they still might not know or care about encryption. MIGHT not. I didn't say that everyone on MySpace is a braindead fuckwit, I just said that I personally don't know how many care. How many people have you heard complaining that MySpace isn't secure enough? Sure, some will but most people don't want the technical details. They want MySpace to load, they don't care if this info is encrypted or not. Quote
take it take Posted November 2, 2006 Posted November 2, 2006 "I know it's popular opinion that most people on MySpace are dumbasses" is quite a generalization, regardless if you think so or if the "popular opinion" thinks so. Quote
moonlit Posted November 2, 2006 Posted November 2, 2006 Now you're nit-picking... if you'd bothered trying to walk past that opportunity to start a flame war here you'd have realised what I actually meant: There are MySpace users who; Have no idea whatsoever about anything, Are intelligent but don't necessarily follow internet security, Are intelligent but do follow internet security but don't care, Are intelligent, follow internet security and want their passwords encrypted. Now, where do people think most MySpace users fall in that list? Bear in mind that only 1/4 of the catergories in this list account for the people who would require the answer this post is here to get. There are enough people yelling "mY$p4C3 5uXX0rZ!!" to be able to guage the general opinion of people here about the service. I know this does not account for everybody but come on, there's no need to start mudslinging over this. Quote
take it take Posted November 2, 2006 Posted November 2, 2006 Now you're nit-picking... if you'd bothered trying to walk past that opportunity to start a flame war here you'd have realised what I actually meant:There are MySpace users who; Have no idea whatsoever about anything, Are intelligent but don't necessarily follow internet security, Are intelligent but do follow internet security but don't care, Are intelligent, follow internet security and want their passwords encrypted. Now, where do people think most MySpace users fall in that list? Bear in mind that only 1/4 of the catergories in this list account for the people who would require the answer this post is here to get. There are enough people yelling "mY$p4C3 5uXX0rZ!!" to be able to guage the general opinion of people here about the service. I know this does not account for everybody but come on, there's no need to start mudslinging over this. Right... and the majority of series of tubes users knows a shitload about encryption and internet security? :roll: Quote
Guest Posted November 2, 2006 Posted November 2, 2006 the way i see it is myspace =gay, anyone that uses myspace =gay, there for you must be gay :roll: Quote
Pragma Posted November 3, 2006 Author Posted November 3, 2006 Here's an interesting way to do it from a friend's suggestion; 1. Set up a shell account on a trusted server 2. Download Putty {assuming it's Windoze for you} http://www.chiark.greenend.org.uk/~sgtatham/putty/ 3. Set up a Putty profile that will dynamically forward a given port - let's say localhost:1337, save the session, and open it. 4. Download FoxyProxy, for Firefox: http://foxyproxy.mozdev.org/faq.html 5. Configure FoxyProxy to use a SOCKS 5 proxy for Myspace and whatever other websites you desire. It sounds more complex than it is. 6. Surf. Quote
Sparda Posted November 3, 2006 Posted November 3, 2006 That's the method I suggested, but as I said, it's only encrypted until it leaves the proxy server. Quote
Rab Posted November 3, 2006 Posted November 3, 2006 How many MySpace users know what encryption is?How many would know how to use it? How many care? if people cared about anything, myspace would be dead,...for about 3542 reasons.... stupid emos. Quote
sadisticsaviorx Posted November 3, 2006 Posted November 3, 2006 Theres nothing like giving a chick your myspace instead of your digits. Quote
SomeoneE1se Posted November 3, 2006 Posted November 3, 2006 .... .... ...... Dude if I asked for a phone number and got a Myspace URL I might have to hurt someone. Quote
moonlit Posted November 3, 2006 Posted November 3, 2006 Dude if I asked for a phone number and got a Myspace URL I might have to hurt someone. Likewise, that would make we mant to really, really hurt something. Quote
DLSS Posted November 3, 2006 Posted November 3, 2006 Dude if I asked for a phone number and got a Myspace URL I might have to hurt someone. Likewise, that would make we mant to really, really hurt something. yeah and basically myspace is just the follow up of look n meet (almost as bad ... same principal but a lot older ... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.