January 9th, 2002, 03:40 AM
Come in please, there is a question
Ok, guys, as you have seen, when you are logging into your web-based email account, or wherever you must enter a password, as you hit sign in, you see a message that tells you, for example: "it might be possible for others to see your password"
What exactly does this mean? And how can one see our password, for example while we are logging into our Yahoo mail account?
January 9th, 2002, 04:26 AM
simple.. someone can plant a trojan in the login page or edit the login page to steal your password.. or actually be in the server and see what you're doing.. webmasters of that site can see your passwords, you know.. employees or just normal hand ins of that company who can get their hands on that pc can get your password...
or even someone is infecting your pc with a trojan and watching every move you make on your pc.. logging every keystroke you make..
January 9th, 2002, 04:29 AM
When you are logging into your web-based e-mail, or hitting any page for that matter, you POST a message in plaintext (unless you're using SSL or some other encryption method - if the little lock doesn't appear in your browser, you're not); when you request a page, picture, text, etc. from a site, you GET a message in plaintext. If, for example, you have a webserver up and running, you'll see something like this in the weblogs:
184.108.40.206 - - [03/Jan/2002:11:09:26 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 326 "-" "-"
(all on one line; this happens to be an idiot trying to script against my own website)
The point of it is this: If you are hitting a webmail account, you may well be doing something like this over the line:
or something similar. This *could* be sniffed as it goes over the wire. To be brief: is it possible that someone could compromise your account? Sure. Is it *likely*? Not really.
January 9th, 2002, 04:30 AM
Oh, yeah ... or the obvious - a trojan could be installed.
Good observation, s0nic.
January 9th, 2002, 04:59 AM
Well you missed one more obvious statement.
Something else called a brute force attack may be implemented to get access to your web based email also.
January 9th, 2002, 05:24 AM
ok, Thank you all,
I am aware of trojans, key loggers ,.............
I just want to be sure that while I'm sending a password, for example to Yahoo, if I don't have any trojans or keyloggers installed on my system, no one except Yahoo's admins is able to see my passes!
January 9th, 2002, 06:10 AM
when you are logging in to your yahoo mail account, there are 5 types that might be reading your password.
1. yahoo admins. they can certainly see any input made to their servers.
2. some yahoo who has compromised a box on your subnet, and is running a packet sniffer (while watching it), or running a packet sniffer which is specifically set up to look for logins and passwords.
3. some yahoo who has compromised a box on the same subnet as one of the routers which your login data must pass through.
4. some yahoo who has compromised your machine via a virus, or trojan, or if your machine is unprotected by a decent firewall while on the internet and you got unlucky.
5. someone who has compromised yahoo's machines.
chances are pretty slim, if your ISP has a clue, and if Yahoo has a clue, and if you have enough of a clue to make sure that you are running a decent personal firewall, as well as good antivirus software with current virus signatures.
January 9th, 2002, 07:38 AM
There are two ways that I can check for keyloggers and stuff... the simpler one is to check the taskbar and startup (msconfig)... and remove any malicious-looking programs.. the second is to use a good trojan remover.. tuscan or norton.....
but that's it. Is there any other way you can check for trojans and keyloggers???
January 9th, 2002, 08:25 AM
Let us not forget packet sniffing as well people. If you are on a LAN, even if on a switch, anyone with the right program and a little bit of knowledge can see every packet of information entering and leaving your machine. Also, that information is jumping around the Net from ISP to ISP, router to router. Anyone has the potential to tap in or intercept your data. We are not talking elite methods here. Sniffing can be done by any lamer these days running a linux box.
"Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms munching magic pills and listening to repetitive electronic music." Kristian Wilson, Nintendo, Inc. 1989
January 9th, 2002, 10:31 AM
At my old job, I helped the sysadmin with stuff when I wasn't busy. We ran ethereal on his network to find info on why someone was running a webserver without his permission. In fact, I d/l ethereal last night to play with it some on my own network.
Bolt actions speak louder than words.