Recently, I got a scrap from someone who has been in my "Friendlist" for quite some time. It goes:
I have uploaded My latest pic.....Have a look...Copy and paste in address bar:-http://tinyurl.com/2w5oal Do comment!

Now, I was really interested to see his pic. But what I found was really frightening. It was a page that looked the same as the login page of Orkut. (Do visit it) But careful attention reveals that the address is something else. It's something like this: http://picss.we.bs/Login1.html. And the source of the page is even more terrible. The script that the login form submits to is located at http://www.big-llc.com/formmailer/submit, whereas the real Orkut login script is at https://www.google.com/accounts/ServiceLoginAuth?service=orkut! Horrible!

How does it work?
Very simple. The hackers create a PHP or CGI script that sends the password and the username to their beloved server whenever someone "logs in" from this page. To make it look flawless, they then redirect you to the real Orkut login page, making you believe that something must have gone wrong while you were logging in.

What can you do?
Fake login pages are everywhere. A few days back Rahul wrote a story about fake Yahoo login pages (which I can't find in his archives). You should really keep your eyes open for any differences between the page you are logging in from and the one you are familiar with. And do check the address bar. It would never be fake.
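The check described above (where the page is served from and where its login form sends the password) can be automated. This is an added example, not code from the original post: the form markup, the field names, the trusted-host set and the second page URL are constructed for illustration; only the two form targets and the fake page address come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormFinder(HTMLParser):
    """Collect each <form> action and whether the form holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []  # one dict per form: {"action": str, "password": bool}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "password": False})
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True

def audit_login_page(page_url, html, trusted_hosts):
    """Return findings for a login page served from, or posting to, an untrusted host."""
    finder = FormFinder()
    finder.feed(html)
    findings = []
    page_host = urlparse(page_url).hostname or ""
    if page_host not in trusted_hosts:
        findings.append(f"page served from untrusted host {page_host}")
    for form in finder.forms:
        if not form["password"]:
            continue  # only forms that collect a password matter here
        # A relative action resolves against the page URL, as a browser would do.
        target = urlparse(urljoin(page_url, form["action"]))
        if target.hostname not in trusted_hosts:
            findings.append(f"password form posts to untrusted host {target.hostname}")
        if target.scheme != "https":
            findings.append(f"password form posts over {target.scheme}")
    return findings

# Constructed sample markup; only the action URLs are taken from the post.
FAKE = '''<form method="post" action="http://www.big-llc.com/formmailer/submit">
<input type="text" name="Email"><input type="password" name="Passwd"></form>'''
REAL = '''<form method="post" action="https://www.google.com/accounts/ServiceLoginAuth?service=orkut">
<input type="text" name="Email"><input type="password" name="Passwd"></form>'''
TRUSTED = {"www.google.com"}  # assumption: the only host allowed to receive the password
REAL_PAGE = "https://www.google.com/accounts/ServiceLogin"  # assumed page URL

if __name__ == "__main__":
    for url, html in (("http://picss.we.bs/Login1.html", FAKE), (REAL_PAGE, REAL)):
        print(url, audit_login_page(url, html, TRUSTED) or "ok")
```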

Blogger Gaurav said...
thanks a ton!!

I was about to do that.

U saved me dude
Blogger husian said...
can u temme step by step how to create fake login page of orkut..??
Blogger Abhisek said...
husian, :o no exploiting buddy. All I can say is these pages are created (rather developed) with CGI. Learn some python or CGI scripting... but don't exploit! :)
OpenID Aditya said...
Beats me why people still stick with Orkut. It's very clear that security and/or privacy (almost) doesn't exist. Orkut is playing catch-up with Facebook/MySpace in every way ...

And the biggest Orkut users are Brazilians and Indians. The rest of the world is on Facebook and MySpace. What's keeping you there? (except for the fact that all your friends are there ... which brings me to my initial point)
Blogger Abhisek said...
@Aditya, it's some kinda craze that an ordinary Indian college goer is in. You are right in saying that privacy and security are at stake. But finding out those haven't-met-for-long-time people is what brings them to orkut. I think you answered it all! :)
Blogger varun said...
can u help me 2 hack an orkut account...


adu787adu@yahoo.com