PDA

View Full Version : ARE THERE ANY COMPUTER SCIENTIST ON THE FORUM?



MOBLEYC57
10-17-2002, 11:02 AM
I use to date this girl off and on for about a year total, she disappeared for about a year, and after drinking beer, partying, and mating with those that made her feel good, she came back. I was hoping that she had changed...one that needs space is not in love...but she hadn\'t. ANYWAY, after seeing that she hadn\'t changed...I finally said to myself...\"Self! Enough is enough.\" Anyway, she hacked into my HOTMAIL and YAHOO accounts sent ugly emails to people that I was associated with, changed my personal ads that I had posted, and went in to delete my address in the Sweepstakes that I had enter, which confirmed that it was her, because she was the only one that knew I entered the Sweeps. What is killing me is how!!? She\'s on this forum, but that\'s not what bothers me...it haunts to no end, not knowing how she did it, and I\'d really like to know. Anyone? Anyone? Thanks!!

CptKipling
10-17-2002, 11:11 AM
There are many ways, some more simple than you think.

-There are unumerable code breaking programs that \"brute force\" their way into your account.

-Various tricks with the encription and things like that (obviously more complex)

-Dummy login screens, where a duplicate of the login screen is made, and changed so that when you hit enter, the information they typed gets forwarded to an email address of your choice.

-Remote login programs, I can recall one not long ago, but it was rumbled and the hole plugged.

belgareth
10-17-2002, 11:18 AM
I own a computer business and have quite a few years experience in the industry. This is something I see all too often and the victim almost invariably left the door open to it happening.

It was easy enough if she had your user name and password. Even if she didn\'t, most people are terribly predictable. The name of a pet, a favored person from a good book, a birthday etc. If she is clever and knows the technology, there are all sorts of ways to handle it. I have a program that shows me everything typed on a computer.

Some suggestions: Change your password frequently. Or at least when ending a relationship. Be creative when you come up with a new password. DO NOT WRITE IT DOWN, ANYWHERE!!!!!

belgareth
10-17-2002, 11:22 AM
I was assuming she was not in the industry. Most of those toys are not readily available outside the industry and are expensive. The one I mentioned can be purchased over the web for $10 and anybody can use it.

CptKipling
10-17-2002, 11:23 AM
Yes that was an obvious one I meant to point out.

The fact that she got into two accounts suggests more than mear guesswork however, unless Mr Mobley uses his password for both accounts, which is entirely understandable.

**DONOTDELETE**
10-17-2002, 11:27 AM
Would it help at all to suggest clearing your history religiously and cleaning out cookies, etc.?

CptKipling
10-17-2002, 11:35 AM
Believe me, do not underestimate the persistance of some of these people.

Ever heard of a trojan? Its a program that gets installed on your machine (usually because it had been bownd to another innocent program). I they lets people access your machine whenever you are online. I had one on mine, I even granted it access through my firewall because the executable was called \"Kernel32\" which I had heard before. It turns out is was the trojan called \"Subseven\", another well known one is called \"Black (or back?? or was that the pun, oh well) Orifice\". Once they have access, they can do whatever they like to you, such as place a \"keylogger\" (like the one you mentioned) that recordes all typed material and sends it to a remote email account.

This isnt the remote access stuff I was talking about, thats different. Someone wrote a program that allowed you to sign into and read your email without loging in (hotmail only). It was intended to be innocent, but of course people took advantage. It didn\'t take long for the hole to be dealt with though.

She doesnt have to be in the industry, anyone can do it, I know some basic techniques, but I dont use them.

CptKipling
10-17-2002, 11:41 AM
Yes and no, there is (or was, not sure) a hole (yes another) that allowed someone access to your account if you didn\'t sign out properly (ALWAYS CLICK ON THE SIGN OUT BUTTON!!), but your cookies are based on your machine, so fairly safe. What the hell, do it, especially if someone else uses your PC, and you never can tell when someone has access.

Everyone should get a firewall aswell, this is the best free one:

Called \"Zone Alarm\",

www.zonelabs.com (\"http://www.zonelabs.com\")

Its free for personal use, download it if you dont already have one installed.

MOBLEYC57
10-17-2002, 12:19 PM
Thanks each and everyone of you!! From the reading, it sounds like the only way to remain somewhat safe from a crazy stalking computer wiz, is to change my password frequently. I never gave her my pass word, she knew my email address, and my password question was \"what city did you retire from\"...that she knew. Maybe that\'s it! Thanks again. Tater!!

abductor
10-17-2002, 03:51 PM
You say that she hacked your Yahoo and Hotmail pass?
I think the problem is at your computer
I think if your pass is strong (up 8, with mixing letters, numbers, symbols)
the bruteforce attacks is clumsy..

I suggest that you use a Firewall..

1 - we will see if the problem is at your computer..

May she put at your computer some trojan. May that trojan
cannot detected very easily by antivirus. (trojan seem a legitimate program)
If you dont have firewall (Norton Personal Firewall, Black Defender,
Conseal, Zone Alarm, etc..)

go to MS-DOS prompt and type:

netstat -na >> you see all current socket conections, do it without connect at net. (ps>for help type: netstat/?)

in my computer the result was that:
TCP 0.0.0.0:1091 0.0.0.0:0 LISTENING
translation:
Well I have a program listening in the door 1091 (Just is a SQL SERVER) and
anyone client connected (0.0.0.0:0)

Most of the trojans is only server listening in some door...
That trojan is waiting for client connected..
depending the trojan It can:
Read/write HD.
Capture screen
Logging the Keyboard Map Buffer (Keylogger)
Open your CD-ROM
Change some configurations, etc...

If your conputer is clean, you canĀ“t see any TCP connection (perhaps trojan modifies some Windows API
then that technique will fail /ubbthreads/images/icons/frown.gif sucks!! )


My friend if you really get a good literature about Security go to:

www.securityfocus.com (\"http://www.securityfocus.com\")
http://packetstormsecurity.nl/ (\"http://packetstormsecurity.nl/\")

More:::
Http://packetstormsecurity.nl/links.html (\"Http://packetstormsecurity.nl/links.html\")

PS-> I Know, I Know for sure... ICQ have millions security flaws....

MOBLEYC57
10-17-2002, 08:24 PM
Thanks Duct for trying to explain...but computers are Japanese math to me! I know how to cut it on and use it. All the terms...DUHHHHHH!!!! /ubbthreads/images/icons/smile.gif She didn\'t do it off my computer, she did it on her home computer. I knew she was good as for cheating at Sweepstakes and stuff, but I didn\'t know she was that good. It\'s amazing the things that people can do with this machine!!!! Thanks!!

**DONOTDELETE**
10-17-2002, 09:57 PM
Mobes, that\'s some nasty ugly retaliatory sh*t -- you say you met this girl from here? She still post here? You want her ass kicked? \'cause I\'ll kick her ass ...

MOBLEYC57
10-17-2002, 10:05 PM
Oh no!!! You don\'t need to be fighting!!! No, I didn\'t meet her on here. After we had been broken up for a while, she came into the library to find me, saw the site\'s name, started visiting thinking I was using mones to get someone else, and checking to see if I had been on. She\'s probably using mones by now. /ubbthreads/images/icons/smile.gif I wouldn\'t be suprised if she\'s on here somewhere. And yes....NASTY she was. It only bothered me about her hacking into my emails because she hurt people that she didn\'t know by sending them nasty grams. People that had sent me pictures, AFTER, we had broken up...the nude pics - she cursed them out, the regular pics - she told them she was my wife. It was terrible!!! I\'m writing all my suppose to be friends, and they weren\'t responding. Anyway, you don\'t need to be fighting, cause you have a serious temper...somebody would get killed!!! /ubbthreads/images/icons/wink.gif Thanks!!! {{{SMOOCH}}}

CptKipling
10-18-2002, 07:13 AM
Man that lady has some issues...

Bet your glad you got out of it!

MOBLEYC57
10-18-2002, 08:49 AM
Didn\'t realize it at the time of letting her run in the pastures...but it\'s the best thing she could have done for me. Where ever she\'s at...is the best place for her, and it\'s definitely not with me. I still don\'t hate her, and wish her the best in all she does. Just glad I don\'t have the worry, and hope she stays away from me and my email accounts. Geeez! After 25 years, I even quit smoking after she left!!! What does that tell you? /ubbthreads/images/icons/smile.gif

abductor
10-18-2002, 09:49 AM
I was thinking about if her really hacked in your email...
Perhaps she only uses a \" Fake email \"...
it is very simple to change origin address of an e-mail
then she send false email and who receives thinks that is you!

Test it!
http://www.sendfakemail.com/ (\"http://www.sendfakemail.com/\")

MOBLEYC57
10-18-2002, 12:09 PM
Yes...I know that\'s what she did, but I just wanted to find out how. It bothers me to no end not knowing. She\'s even on the forum, and still speaking with a forked tongue. I hate it when people lie on me. I know I can\'t control it, but I hate it still. She\'s probably getting of on the pics of the girls I had in my accounts. She has a taste for attractive women. She told me she felt like a man inside of a woman, but still I stayed hoping. You can learn a lot from a dummy!!! /ubbthreads/images/icons/smile.gif

krtel
10-18-2002, 12:51 PM
Well, there are many factors.

1. You could have had a weak password.
2. She snuk a sniffer (trojan) onto your machine.
3. She snuk a key logger (which could explain how she got your password) onto your system.
4. You opened some form of java attachment in hotmail.

Solution: Use complex passwords which consists of lowercase, upperscase, numbers, and symbols, at least 8 characters. Don\'t open attachment from people you are uncertain about.

If it was a trojan, you could easily know if you had anti-virus installed on your system. As for sneaking them on, you have little or no control over that. Windows 95/98 doesen\'t provide much security. Windows 2000 Professional or XP gives you an additional layer of security where you have to logon with your own username and password to get to your profile.

I honestly think #2 and/or #3 occured.

Advice: Install a firewall, like Norton Personal Firewall. With this, even if a trojan or a key logger was installed, it would be stopped right in it\'s track.

And yes, we do have computer scientists on this board, look in my profile. :>

- Krish

krtel
10-18-2002, 12:52 PM
That is true, to falsify the return address. Have the people who got rude emails from you look at their email headers, so they can see the originator\'s true IP address.

- Krish

**DONOTDELETE**
10-18-2002, 12:54 PM
The thing about not opening attachments - wish I\'d known that. I get these spam messages where they say you\'re getting this because you\'re on our list, email here if you want to be taken off? Don\'t do it. The more I email that I want to be taken off, the more spam I get. I think they use the message to verify your address so they can send more crap. i actually even got a phone call at work from a real estate agent saying he\'d got my information from email. I\'ve never asked for real estate information. ...

krtel
10-18-2002, 12:55 PM
If thats what she did, she doesen\'t need to hack YOU personally in any way. Just has to change the return address on the email to YOUR email address. As easy as falsifying the source address when your sending regular mail.


- Krish

abductor
10-19-2002, 01:07 PM
====In reply========
As easy as falsifying the source address when your sending regular mail
krtel
=================

That situation is very unpleasant, the solution is: get a digital certificate and sign yours e-mails.. Free digital certificate at: http://www.thawte.com/ (\"http://www.thawte.com/\")

krtel
10-19-2002, 01:53 PM
A PGP key (SHA1 Hash) is much more secure than that solution.

- Krish

abductor
10-19-2002, 02:20 PM
I agree.
You are right krtel... My public ID key: 0x24A60900 /ubbthreads/images/icons/wink.gif

belgareth
10-21-2002, 06:19 AM
One thing to keep in mind is that there is no such thing as a secure computer if it attaches to an outside line. No more than there are unbreakable locks. That\'s why Fort Knox has armed guards.

I\'ve been in the computer field a long time. The best advice I give my customers is to keep security and anti-virus programs up to date. Change passwords frequently. If you have any reason to believe you have been hacked you should change accounts with your ISP immediately or change ISPs.

It\'s a pain in the butt. But the hackers are smart.

CptKipling
10-22-2002, 05:46 AM
Another good idea is to get an ISP with a roving IP (forget the actual terminology), so that you never have the same IP.

belgareth
10-22-2002, 05:52 AM
Server assigned IP. It\'s the standard for convienance reasons. Static IP usually costs more but can be worth it.

CptKipling
10-22-2002, 05:54 AM
I can remember being warned against getting Demon (UK based ISP, i think) for exactly that reason.

Every little helps.