Back in 2000 or so I ran an AOL hacking website called AOL-Files.com. One day, BMB, my cofounder, successfully tricked a high-level AOL employee into divulging his SecurID pin, which was required in addition to the user's password in order to sign on to their AOL accounts. SecurIDs, FYI, are a keychain-like device that you carry around that displays a six-digit number which changes every 60 seconds. AOL used it as an extra layer of security for important accounts.
Anyway, BMB gets this information and signs on to the account. Usually by this time the employee has figured out that you stole his information and is in the process of reporting it, so you don't have much time. BMB immediately attempts to go to the AOL Keyword Manager, which lets certain employees manage where specific AOL keywords take you. As it so happens, this employee had that access (it was very rare).
BMB redirected keyword "Welcome", which normally takes you to the AOL welcome screen, to our site, AOL-Files.com. Every person that signs on AOL, you see, gets automatically sent to keyword "Welcome" when they sign on.
For 20 minutes, every person that signed on AOL got sent to our site. We got 75,000 hits before AOL finally fixed it.
For anyone interested, I've got an archive of AOL-Files up on my site, which has a security breaches section that lists a lot of exploits like this one, including one where we stole every three character AIM name: http://www.mattmazur.com/archive/aol-files/index.html
I no longer support stealing people's stuff, but I still think the keyword Welcome exploit was badass.