<p>when the provider sends and email with a link + hash, it normally wont allow you to send you another link (lets say password recovery email) unless the timeout for the first one expires...the timeout is normally a time/cost function that limits how long or how much money it would cost you to get the hash predicted the following attempt (usually hours)
</p>
<p>anyway, nice website <a onclick="javascript:urchinTracker ('/outbound/article/mailinator.com');" href="http://mailinator.com/">mailinator.com</a>, can be handy!!! anyone knows for how long it keeps your emails? probably not much!
</p>
<div>is anyone aware of cool sampling tools that tries usual tricks (like b8/64/etc encoding, etc) and non-usual ones?</div>
<div> </div><br><br>
<div><span class="gmail_quote">On 7/6/07, <b class="gmail_sendername">pdp (architect)</b> <<a href="mailto:pdp.gnucitizen@googlemail.com">pdp.gnucitizen@googlemail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><a href="http://www.gnucitizen.org/blog/attacking-password-recovery-facilities">http://www.gnucitizen.org/blog/attacking-password-recovery-facilities
</a><br><br>this is a small article from ap (aka pagvac) on how to attack password<br>recovery facilities. this post just briefly scratches the surface and<br>I am sure that he will come up with more stuff in the near future.
<br>Nevertheless, he brought some interesting points. Hava a look. Cheers.<br><br>--<br>pdp (architect) | petko d. petkov<br><a href="http://www.gnucitizen.org">http://www.gnucitizen.org</a><br><br>----------------------------------------------------------------------------
<br>Join us on IRC: <a href="http://irc.freenode.net">irc.freenode.net</a> #webappsec<br><br>Have a question? Search The Web Security Mailing List Archives:<br><a href="http://www.webappsec.org/lists/websecurity/">http://www.webappsec.org/lists/websecurity/
</a><br><br>Subscribe via RSS:<br><a href="http://www.webappsec.org/rss/websecurity.rss">http://www.webappsec.org/rss/websecurity.rss</a> [RSS Feed]<br><br></blockquote></div><br>