Hotmail Hacking Threat

[Robdav007]

I have talked to a few friend who reckon that their hotmail accounts are getting hacked often and are having to change address's all the time.

One of them who's account got hacked had a very long password that is denfinatly unguessable but he still got hacked.


How can people do this, i have heard rumors that it is as easy as sending a e-mail somewhere that will send a password back; is it that easy???



Just wondering

Robert Davison

[dac0braman]

well you can easily brute force it with a program called munga bunga's HTTPBF but the chances of hotmail catching you is very high but I have never heard of that e-mail you are talking about

[MrLinus]

Ya. That's one way. Social engineering into convincing a user that they need to send their password or something. Never send passwords via email even if it's the ISP/host asks for it. If it's the host they should have high enough admin access to go in if they truly need to.

Another way would be using a tool like ettercap, which collects passwords as they travel past on a network.

[DjM]

Your friend could also have a Trojan/backdoor/keylogger installed on his computer that is storing/forwarding this information to the Scriptkiddy . Have you checked for any of these?


Cheers:

[gore]

Originally posted here by DjM
Your friend could also have a Trojan/backdoor/keylogger installed on his computer that is storing/forwarding this information to the hacker. Have you checked for any of these?


Cheers:

Could we please refrain from calling this person a hacker? come on now what self repecting hacker goes after hotmail accounts with a keylogger.

[DjM]

Originally posted here by gore
Could we please refrain from calling this person a hacker? come on now what self repecting hacker goes after hotmail accounts with a keylogger.

Sorry gore, lost my head for a second. I'll edit my post to read "Scriptkiddy".


Cheers:

[pr0letariat]

yeah, i'd go with the keylogger idea, although Ms Mittens ettercap idea is plausible, i'd think your friends just got owned by the crackers (prolly that damn sub-seven?) anyway, any decent Anti-Virus will pick up on those common/popular trojans...

[redhawk14506]

I agree with gore on that level, only script kiddies would waste thier time on hotmail accounts. It could be true that there is a backdoor/keylogger/trojan, but only a script kiddie or VERY amature/immature hacker would steal someone's hotmail account. Oh nad by the way most of those E-mail things are just frauds to steal YOUR password, so don't try them.

Sorry about that negative post DjM, my computer didn't update till after you changed it to scriptkiddie.

[Amanda]

Yeah and then theres always keylogers, fake logins, and the dangers of useing a public PC. A keyloger will make logs of the keys you press and if your useing a friends connection or your useing the computers in your local library then someone could just walk up to that PC and nab a few passwords right out of cookies and things. A fake login would have that little signin button on some site... when you click on it things appear to be fine intil you try loging in & it might even hit up for additional info (IE) your location, Q&A, age, (ect).

Most of the kiddies who screw with mail usually know the peaple who own the accounts. Are you and your "Friends" networked like in a office or lan gameing party?

[bballad]

Dose your friend use a public terminal...if so dose he mention this to hotmail...some one could be sitting down after him.