I was thinking the same thing.
I've tested a program called iepv.exe and it allows you to see the saved password in IE. I'm sure hackers either use that or something very similar to steal (harvest) account credentials. Thomas J. Raef <http://www.wewatchyourwebsite.com/> We Watch Your Website "We Watch Your Website - so you don't have to!" [email protected] 847.728.0214 From: [email protected] [mailto:[email protected]] On Behalf Of Larry Seltzer Sent: Monday, September 26, 2011 7:12 AM To: Joel Esler Cc: FunSec List Subject: Re: [funsec] GoDaddy fights back against a hacker attack that hit 445 web sites It seems to me the most likely thing is that this collection of credentials was obtained through conventional means like keyloggers or phishing.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
