Hotmail Hacking Threat

[11001001]

Another exploit (I'm not sure of whether or not M$ fixed it) is that if the user sets their hotmail to remember them at that computer, all it takes is for a cracker to copy two cookie files, and boom, they're in. Regardless of whwther or not the user changes their password.

[noODle]

ONe thing I would like to add is that most hotmail users are not very smart.
Social engineering is the best way to hack into hotmail, I would not advice you to brute force any of these servers. You can and will get caught.
Hotmail uses cookie based authentication which is insecure by default. If you are on the same net as the victim it is a piece of cake to get in.
Like said social engineering is the best way. Just ask for the password, you would not reckon how stupid user can be. The next thing is the reset password option in hotmail.
It is plain stupid.
Press the 'I forgot my password button' and try some defaults (or use social engineering).
This will allow you to reset the password !!!

A stronger security recomended for hotmail is to have the password mailed to another account you 0wn.

By far this is imho the best way to hack that #####'s hotmail account.

The usage of a tool like ettercap can be highly illegal in some country's ! But very efficient.
Breaking into another people's hotmail account is illegal by default to the best of my knowledge.

noODle

[Tetrismaster101]

I tend to get alot of spam in my e-mail box, so I don't really know if someone hacked me or just sign me up for shtuff I really don't want.

[|The|Specialist]

Tetrismaster101, Thats probably just spam dude. If it were a kiddie mail-bombing you then your inbox would quickly fill up to the max as soon as you check it and your account would more then likely be closed by now. Lay off of the porn a little and start blocking things... that might help some.

[s0nIc]

ok, ive had my share of breaking into accounts and here is what i usually do.
I ask for their details, i NEVER ask for the password straight away. Ill ask details that WOULD help me exploit the "I FORGOT MY PASSWORD" feature. ill ask for location, zip codes, probably subttly ask for the answer for the secret question. NOTE, once u break into one account, you can also break OTHER accounts that has THAT account registered as a main e-mail address. so its like a chain, look for the weakest link.

To counter that,

Make sure that you look what info you give out, it may seem nothing but at some point it could mean a lot to crackers.

Make sure you have an e-mergency e-mail thats virtually uncrackable.

Make a separate e-mail for PERSONAL matters and OTHER matters. Secure your PERSONAL e-mail very well and dont use it too often, you can use your OTHER e-mail as much as you want but keep it away from personal stuff like credit card accounts etc.

Learn to study the seciruty level and the importance of your accounts.

make your password Alpha Numeric and using lower and upper case.

If you speak in a diff language, make your secret question NON-English or if possible make it in a language that not many know of. and make sure ur secret question is something only YOU can know.

and a lil paranoia helps. not too much tho.. just a lil.

coz ive cracked accounts, not just e-mails and u have no idea how easy they can be, tho some are quite secure.

[zigzag_8336]

You can't steal hotmail accounts by sending an e-mail, that is just a scam where people give you an official looking e-mail address to send you're password to and then they steal you're account. If you search for "Hacking Hotmail" in Kazaa it is full of those scams.

[drejr77]

Well, I'm fully aware that stealing people's e-mail passwords is looked down upon by veteran hackers, however...no matter how petty getting into e-mail accounts seems, we all have to start somewhere. Maybe I should start by getting a shell account. I do use a lot of public computers. Is it as simple as looking at the notepad file of the cookie to find someone's password? Or is there some sort of decryption process?

[s0nIc]

well here comes the issue with browzers. as webadmins you are capable of reading cookies of your visitors and find out a lot about them. but you have to be a web admin to do it and have a website for people to visit to. but really, hotmail isnt worth the effort, or e-mails if so.

[sswing]

As stated before, be paranoid.
I once had to get a hotmail pass and I just made a 'hotmail cardservice' simple php file
That in a nice email send from another registered hotmail adress can do wonders, it was hard to tell the fakeness.
And yeah, hotmail also has a "secret question", you can use pass with 40 characters but if you always have the same secret question you'll get hacked.

[Robdav007]

Ok cheers everyone.

Just wondering, and I understand that hacking Hotmail accounts is pety, its just thst a friend asked.