Should This Worry Me...?

[VictorKaum]

The exploit in hotmail can be used to go immediatly to the secret question thing therefor I don't think that's the prob, cause Tim_axe used a random sentence and password. My guess is that either one close to Tim_axe, like for instance a boy- or girl friend did this to have lol; or that he used some public computer and was not properly logged out or something worse, let windows keep the password on disk; or third, his computer is compromised with a keylogger and trojan... ; or fourth some1 changed Tim_axe's hosts files... so he thinks he's on hotmail while he's not... and giving passwords to the attacker... I think there are more possibilities left... (like a network sniffer) but these are the ones that comes to mind.

[jjcampbe]

yeah i knew it had nothing to do with his prob, i was just currious as to what the exploit was.

[Tim_axe]

Thanks for replying everyone... I found out what (who) it was... Turned out it was one of my friends... I let him borrow my Palm Pilot, and since it defaults to viewing everything after I unlock it, he had access to the file that stored my passwords... He copied it to a text file, and logged on and e-mailed me... He deleted the text file off the PC now... I'm gonna change my passwords and use Mobile DB more, because it requests a password for each access to the database...

Again, thanks...

-Tim_axe

[Krakpype]

I don't think you need to worry about this one Tim_axe. Bwa ha ha ha ha ha ha! (inside joke)

[smirc]

I also looked for other information in the header... It looks like they did login to hotmail to send it to me, but if that was true, they'd have to have logged in as me!!! I have a decently complex long password, and the answer to my secret question is just lots of random keys (not asdf). To be on the safe side, I've changed my password again... The message simply said 'gotcha!', with the subject 'boo'... All of the other information matches that of my own, such as the sender name and reply address... Only the hotmail server and the sender's IP are in there. I determined that they logged in from hotmail's website because the message was recieved via HTTP...

Anyone could telnet to a hotmail SMPT server and do a bogus SMPT session. All they have to do is type:

MAIL FROM: tim_axe@hotmail.com

to make it look like you sent it to yourself. Spammers are changing addresses like this all the time. This is kiddies stuff. It doesn't present a security problem as such. It's annoying at most, but not dangerous. I wouldn't waste your time thinking about lamers who pull these types of pranks.

[KublaiKhan]

Wait a second.......you keep a text file with your passwords in it?

Pardon me, but that's not quite kosher, methinks. One should never write down passwords. It's just not done.

Really, if you're going to go leaving your passwords in some file somewhere, you almost deserve to have that happen to you.

[hummer]

well now that you've figured it out, which makes this response a little too late to help but i was gonna say the same thing as what smirc said and you really shouldn't keep a file with your passwords in them. it's just unorthadox.