Jump to content

Recommended Posts

Posted

I have a very strong suspicion my hotmail's being accessed by a third party. Just how much of a techie do you have to be to be able to do this? I'm thinking it's someone I know who doesn't have access to my computer, but I took the precaution of changing my password anyway. Still think it's being accessed.

As I'm asked to verify password by hotmail on a regular basis, same Yahoo, just how easy is it to hack into by the ordinary man on the street, albeit a bit computer savvy?

Posted

Not being a tekky I would guess that it all depends on the length, complexity and predictability of your password. Passwords that are the user names, names of family, birthdates, favourite football teams etc would be fairly easy for someone with a bit of personal knowledge to crack. Passwords like "Password", "Letmein", "opensesame" etc together with 00000, 11111 etc are also inviting unwanted visitors.

Passwords, IMO, should be seven+ characters long and include capitals and numeric characters and, preferably, be completely random. However this does make it difficult to remember them hence the tendency to use common names etc.

I don't know if there is any specific password cracking software out there but a tekky could help there.

btw why do you suspect your e mail is being accessed by someone else?

Posted

How are you being asked to verify the password? Are you getting an email that says you need to verify it? If you are getting an email saying you need to verify it, they are fake and just a way to get you to tell people your password.

Posted (edited)
Maybe there is a keylogger installed on your system?

I'm aware that easy-to-remember personal information has been said to be easy to access, although I think that most would-be spys, without the benefit of some kind of software, would still have to be pretty persistent/patient to take the time to run through all the personal information of a potential spyee. My password is not my dog's, mother's, budgie's name either, or anything like it.

Password verification is when attempting to log-in, has been for years. Sometimes Yahoo or Hotmail will ask you to log-in again, for verification, on the actual log in page. Of course I wouldn't give that kind of information over an email received in my inbox! I don't ever reply to Nigerians either.

As to the 'how do you know someone's accessing your email'? I know.

Now, what is a keylogger please?

Edited by jackyseymour
Posted

You may have a very secure password but if the browser automatically remembers the password that you have typed in, all the security goes out the window. Some users unintentionally forget to uncheck the box that says "Automatically log me in in this computer" or the "Keep me logged in for two weeks" in Yahoo! Mail and when the user finishes using the computer, some forgets to log out...

Most of the time, the user is the weakest link.

Posted
You may have a very secure password but if the browser automatically remembers the password that you have typed in, all the security goes out the window. Some users unintentionally forget to uncheck the box that says "Automatically log me in in this computer" or the "Keep me logged in for two weeks" in Yahoo! Mail and when the user finishes using the computer, some forgets to log out...

Most of the time, the user is the weakest link.

I only ever access my email accounts on my personal computer, in my own home, and no one else ever has access to it. Next?

Posted

keylogger is a type of spyware that can be installed on your computer. It keeps track of all the keystrokes you make, so it can capture your password. It would probably be installed the same way that a virus is, from in infected file downloaded or received in an email that you ran. Or maybe some software that was less than legal. Try using something like spybot or adaware to check your system.

I don't know your computer savvy level, that is why I asked about the email message. Some people fall for it. Had my mother asking me about them at one point.

Posted

Someone hacked my account here and one other forum that may have had the same password. Other accounts were not hacked. I used 8-12 digit alpha numeric passwords (now use much more) and I never got to the bottom of it from either site. They changed my password and made a couple of stupid posts. The passwords were not easily identifiable.

It is possible to hack the passwords to a forum from the inside if you are savvy enough.

I also only ever use my computer here at home and though the missus does use it, she can barely email and uses her login area as a user anyway.

I was shit scared but would rather have found out who did it rather than the investigation trail just going cold.

I'm copying this in case it happens to go AWOL !

Posted
keylogger is a type of spyware that can be installed on your computer. It keeps track of all the keystrokes you make, so it can capture your password. It would probably be installed the same way that a virus is, from in infected file downloaded or received in an email that you ran. Or maybe some software that was less than legal. Try using something like spybot or adaware to check your system.

I don't know your computer savvy level, that is why I asked about the email message. Some people fall for it. Had my mother asking me about them at one point.

Hmmmm, keylogger. Sneaky. Will run Spybot. Thanks a lot :o

Posted
You may have a very secure password but if the browser automatically remembers the password that you have typed in, all the security goes out the window. Some users unintentionally forget to uncheck the box that says "Automatically log me in in this computer" or the "Keep me logged in for two weeks" in Yahoo! Mail and when the user finishes using the computer, some forgets to log out...

Most of the time, the user is the weakest link.

I only ever access my email accounts on my personal computer, in my own home, and no one else ever has access to it. Next?

Next? Well, you didn't say that in your original post. Did you?

I am just trying to help here If you will provide incomplete information about your problem, don't expect anyone to provide an accurate answer.

Keylogger... Spyware...

That could be your problem or you are just paranoid.

Try running Cure It from Dr. Web

It will dig out those stubborn infections in a jiffy and give you the peace of mind that you need.

Posted

If you use the same ID or passwords on forums such as this as well as your email account, you may find that some people that have high enough admin access may 'play' with your account infomation. I have seen this happen on other fourms, it is a good idea to use different information for the different places you play on the internet.

Has anyone else had access to the computer that you use?

The keyloggers that are mentioned can either be in the form of a small piece of electronics hardware that typically is connected to the cable coming from your keyboard to the computer, they look like a small adaptor. The person would need to have access to install then remove the logger as some time later. Software loggers could be installed either by someone 'using' your computer with the logger application installed from a USB device that they brought with them or from their online email account for example. Or it might have been installed as a trojan piggy backed on smal funny attachment sent by the person you suspect.

A physical check of your system and running a software health check would be sensible thing to do.

Do you write your passwords down, do they have access to that book?

Do you use a password theme in different places, like colors or animals? (Change the theme.)

Getting onto the 007 and semi paranoid areas, is it possible that you are observed typing at your keyboard? (Camera)

Posted

well, I also have the same thing, when while I was online in yahoo messenger, I was automatically kicked out, the message says, its because,it was used by another computer, or shall I say the account was used by another computer.Before this happen, I already confirmed this by logging in to a friend yahoo account while he is online, and yeah, he was automatically kicked out, but he knows that Im the one logging in (dont worry, its a general email for us, about craps and everything). Now back to my original yahoo account, it happened exactly what I had just said.Im wondering , it appears that somebody knows my yahoo password now?

Posted

CUBAN>>

wow, thank you for the information about KEYLOGGER, now its scared me off. I have been on internet banking on my laptop with a cracked norton internet security 2007, should I buy the genuine one? LOL< seems an irrelevant question on this thread, please bear with me guys..

Posted

It was possible to gain access to hotmail accounts a few years ago. I have no idea about it now.

A few years ago I wanted to security test one of my hotmail accounts. All it took was a quick search and follow some instructions.

2 attempts and I had access to it. No passwords were needed.

I’d suggest the OP start another email account known only to them and the party they correspond with for dealing in private or sensitive emails.

My lawyer at the time would only deal via fax as he said email accounts were too easy to access.

Posted
CUBAN>>

wow, thank you for the information about KEYLOGGER, now its scared me off. I have been on internet banking on my laptop with a cracked norton internet security 2007, should I buy the genuine one? LOL< seems an irrelevant question on this thread, please bear with me guys..

Hard to say. I have seen people post cracked versions of anti-virus software that contain viruses. Most are probably ok and have just been cracked. I would download another free program to scan it and make sure that there are no problems.

Posted
You may have a very secure password but if the browser automatically remembers the password that you have typed in, all the security goes out the window. Some users unintentionally forget to uncheck the box that says "Automatically log me in in this computer" or the "Keep me logged in for two weeks" in Yahoo! Mail and when the user finishes using the computer, some forgets to log out...

Most of the time, the user is the weakest link.

I only ever access my email accounts on my personal computer, in my own home, and no one else ever has access to it. Next?

Next? Well, you didn't say that in your original post. Did you?

I am just trying to help here If you will provide incomplete information about your problem, don't expect anyone to provide an accurate answer.

Keylogger... Spyware...

That could be your problem :o .

Try running Cure It from Dr. Web

It will dig out those stubborn infections in a jiffy and give you the peace of mind that you need.

There was no need to make mention of these very obvious facts in my original post. Please do excuse me. I constantly forget that of the legion of dimwits on Thaivisa, I always expect the 'computer' forum to be above par on the IQ scale. I did not give 'incomplete information'. I gave salient information. I would commend you to consider the fact that not all postees on Thaivisa are idiots, although I do have to agree that regretfully, an awful lot are.

Now. Next time you feel the urge to respond, albeit in an inconsidered way, to a post on this particular forum, and, given the fact that the poster seems erudite take a deep breath ....

Posted (edited)
You may have a very secure password but if the browser automatically remembers the password that you have typed in, all the security goes out the window. Some users unintentionally forget to uncheck the box that says "Automatically log me in in this computer" or the "Keep me logged in for two weeks" in Yahoo! Mail and when the user finishes using the computer, some forgets to log out...

Most of the time, the user is the weakest link.

I only ever access my email accounts on my personal computer, in my own home, and no one else ever has access to it. Next?

Next? Well, you didn't say that in your original post. Did you?

I am just trying to help here If you will provide incomplete information about your problem, don't expect anyone to provide an accurate answer.

Keylogger... Spyware...

That could be your problem :o .

Try running Cure It from Dr. Web

It will dig out those stubborn infections in a jiffy and give you the peace of mind that you need.

There was no need to make mention of these very obvious facts in my original post. Please do excuse me. I constantly forget that of the legion of dimwits on Thaivisa, I always expect the 'computer' forum to be above par on the IQ scale. I did not give 'incomplete information'. I gave salient information. I would commend you to consider the fact that not all postees on Thaivisa are idiots, although I do have to agree that regretfully, an awful lot are.

Now. Next time you feel the urge to respond, albeit in an inconsidered way, to a post on this particular forum, and, given the fact that the poster seems erudite take a deep breath ....

Let's get something straight here.

You are the one asking a question, asking for help.

I am the one who is trying to help somehow.

I have several email addresses and none of those ever got hacked.

You've got one and it's inducing your paranoia.

Answer this simple question now...

Who is the dimwit?

And please, stop acting like you are so important tha people would hack your email address.

Lay off the Red Bull and stop downloading p0r_n.

Next time, try posting your questions in a fortune teller's forum.

You'll be safe that way Jack Say No More.

Edited by sensei
Posted

Change it ever so often, some are easy to figure out(birthdays, age, ID##) make a tough password only you would know, ie first time you were in an airplane, has sex, etc :D:D:o:D

Posted

Use Mozilla Thunderbird portable.

All your passwords will be strored on a thumb drive , therefore even safe from keyloggers (so long as your system/password isn't already compromised)

Just don't lose the thumb drive.

Cheers

Posted
Password safe is a nice little program. Store all of your passwords in strongly encrypted form, you just need to remember the safe password. Includes a random password generator and clears passwords from the clipboard when you close it. So you can have really strong passwords for everything and not have to remember much. I love it.
Posted

Work out the mathematical combinations of say a 10 digit password, upper and lower case including numbers and you'll get the figures which cracked mine. It wasn't an easy word or name and in no way associated wth me yet it was compromised (first time in my life) and actually reset so it was malicious.

I wondered on boards if they could more easily change your email address and then admin can force a change of password. Actually they can force a change of password anyway but I'm not sure if it needs something via email. Anyway, it was here or Teak Door as I use the same username all over the place but with different passwords usually (now always).

Posted (edited)
Work out the mathematical combinations of say a 10 digit password, upper and lower case including numbers and you'll get the figures which cracked mine. It wasn't an easy word or name and in no way associated wth me yet it was compromised (first time in my life) and actually reset so it was malicious.

If it was an "inside job" and the password was reset chances are it wasn't actually cracked. 99% of board software allows Admin. to reset passwords in the event that a user forgets theirs.

I'm not convinced that the OP is actually having their hotmail password compromised, why would someone bother when it's incredibly easy to spoof the sender details if you want a mail to appear to come from someone else.

I'm pretty confident in my 26 character, upper/lower case, numeric and special character password (actually a passphrase) being at least reasonably secure :o

Edited by Crossy
Posted
You may have a very secure password but if the browser automatically remembers the password that you have typed in, all the security goes out the window. Some users unintentionally forget to uncheck the box that says "Automatically log me in in this computer" or the "Keep me logged in for two weeks" in Yahoo! Mail and when the user finishes using the computer, some forgets to log out...

Most of the time, the user is the weakest link.

I only ever access my email accounts on my personal computer, in my own home, and no one else ever has access to it. Next?

Next? Well, you didn't say that in your original post. Did you?

I am just trying to help here If you will provide incomplete information about your problem, don't expect anyone to provide an accurate answer.

Keylogger... Spyware...

That could be your problem :o .

Try running Cure It from Dr. Web

It will dig out those stubborn infections in a jiffy and give you the peace of mind that you need.

There was no need to make mention of these very obvious facts in my original post. Please do excuse me. I constantly forget that of the legion of dimwits on Thaivisa, I always expect the 'computer' forum to be above par on the IQ scale. I did not give 'incomplete information'. I gave salient information. I would commend you to consider the fact that not all postees on Thaivisa are idiots, although I do have to agree that regretfully, an awful lot are.

Now. Next time you feel the urge to respond, albeit in an inconsidered way, to a post on this particular forum, and, given the fact that the poster seems erudite take a deep breath ....

Let's get something straight here.

You are the one asking a question, asking for help.

I am the one who is trying to help somehow.

I have several email addresses and none of those ever got hacked.

You've got one and it's inducing your paranoia.

Answer this simple question now...

Who is the dimwit?

And please, stop acting like you are so important tha people would hack your email address.

Lay off the Red Bull and stop downloading p0r_n.

Next time, try posting your questions in a fortune teller's forum.

You'll be safe that way Jack Say No More.

Excellent answer, and quite well put.....was started to be irritated by his arrogant manner

Posted

> It was possible to gain access to hotmail accounts a few years ago. I have no idea about it now.

I have not looked up this referance, but I seem to remember it was due to faulty session cookies that would allow someone following the original user to access the former's hotmail account. I believe it was fixed by having some server side handshake required.

> I have been on internet banking on my laptop with a cracked norton internet security 2007,

> should I buy the genuine one? LOL< seems an irrelevant question on this thread,

I have a similar set up, I only ever use one sole use laptop for banking. I scan it from time to time for various security lapses. It does not connect to other networks. Before I moved to Thailand I used to run a larger home LAN that had two security computers each scanning the other computers on the network, a case of overkill as they did not detect problems that I was not already aware of in the form of downloads from P2P networks that were to be scanned before use anyway.

As for internet security, IMHO I prefer router based protection, however an effective firewall should be a combination of router based with a well patched operating systems, anti malware scans and a user that does not override these protections when they feel like it or fall for social engineering attacks.

Posted
Work out the mathematical combinations of say a 10 digit password, upper and lower case including numbers and you'll get the figures which cracked mine. It wasn't an easy word or name and in no way associated wth me yet it was compromised (first time in my life) and actually reset so it was malicious.

I do know 2 people that had their hotmail accounts compromised by Nigerian gangs who used them to send fake distress emails asking for money to get back home, but it is quite likely in both cases they just had really crap passwords.

I haven't used hotmail for years so I don't know if they use a secure login page (they didn't use to), in which case your password may have been sent in the clear at some stage and someone picked it up. Web proxies can also be dangerous - our computer guy accidentally left a server at work open as a proxy for a while. It was found and abused by the public pretty quickly, but when we went through the logs (the sudden spike in traffic was how we found it) they were stuffed full of passwords/logins for all sorts of things. It would be a simple matter to set up a proxy to collect peoples details. You don't even have to advertise it, other people will find it and do that for you :o

Otherwise if you are using strong passwords and nobody has access to your computer - there is a good chance you have some spyware on your machine (whether your detection programs find it or not).

Posted (edited)

There was a run of emails which said that they {the sender, who was known to the receiver} had been blocked by MSN messenger and offered a long-on to check their status. Apparently the version going around here looked very professional, and caught a few people. The cookies 'exploit' was around for a while but MS has changed processes to avoid it now.

Regards

PS In many cases, password detection is 99% social engineering, and 1% technical skill.

Edited by A_Traveller
Posted
Password safe is a nice little program. Store all of your passwords in strongly encrypted form, you just need to remember the safe password. Includes a random password generator and clears passwords from the clipboard when you close it. So you can have really strong passwords for everything and not have to remember much. I love it.

And, particularly if you're using Firefox (if not - why not?)............. check out KeyScrambler.

http://www.download.com/KeyScrambler-Perso...4-10571274.html

Posted (edited)

hacking in the true sense, a password, is not something you can do. There is nothing about a password to "hack". You can hack the system is relies on, or a system that system relies on, and in some way obtain the password. But this is not easy, and very very unlikely the way someone would gain access to your email. More likely is cracking, which put simply is trying lots of different passwords until finding yours. This can be guarded against by having a complicated password and changing it regularly. Following cracking, spoofing and phising for your password is the next most likely way. What someone might do to gain your password, depends on whether or not they are specifically after your data or just after anyone's data. It is tempting to think that loss of security is the result of being targetted by some highly skilled technical god, but I can almost guarantee you that the way in which your password was found (if that is what is happening) was not technical nor requiring much skill (cracking, phishing, logging etc). Remember that the weakest link in all security matters with computers, is you.

"I only ever access my email accounts on my personal computer, in my own home, and no one else ever has access to it. Next?"

Do you really know when you are accessing your email account, that you are actually accessing what you think you are accessing? Do you check? How? Hopefully you will not say "because it looks right and it has the right address in the browser".

Edited by OxfordWill
Posted

I have had a reply from CyberTech Computer Support who tell me that a keylogger is indeed a programme which can either be sent by an in infected email, or physically downloaded to another person's computer without their knowing. There is also a little gadget called Sniperspy up for sale on ebay. Both of these programmes can access your computer remotely.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...