-
February 13th, 2006, 07:27 AM
#1
Junior Member
Worried and feeling low???????
Hi All,
I have a concern. yesterday in my company while I was accessing my Yahoo! Mail account one of the associate challenged that he can access my this Yahoo! mail account using my computer and I am positivly sure that he did not knew the password.
I logged out before handling him my machine. Now, he blocked my veiw so that i can not see all what was going on. However I am sure he pulled out the data from the computer, one of the file. And Bingo! he was IN!!!!!!!!!!
Now I am sure he was not using this so called any hacking program. What he had was knowledge, that i do not. I just wish to know what he did!!!!!!!!!
I want to repay him. When I do a google search I get all misleading link.
Help guys.
Thanks
-
February 13th, 2006, 07:38 AM
#2
Junior Member
Just for now... And I could be wrong and if I am please feel free to correct me...
Didn't msn go through something with cookies a couple months back where your password was dropped into a cookie and could be decoded extreamly eaisly? or even in plain text, I forget the details behind what that was about...but maybe the same thing?
-
February 13th, 2006, 07:49 AM
#3
Junior Member
I think it was something like this. He did fetched some unreadable characters and that worked. Do you think he used my cookies and if yes, then may I know how?
-
February 13th, 2006, 07:53 AM
#4
It was either him decoding your cookies or he's got a keylogger on your system. I'd suspect the keylogger before the cookies actually...
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!
-
February 13th, 2006, 08:00 AM
#5
I am sure he is running key logger on the system, and looked into the log file and got the password from there.
You said that he blocked your site so you couldn't see what he did then how come you know that he access a file with unreadable characters. Anyways as the key loggers log every single key so obviously information in the log file might look unreadable although they all are keystrokes.
One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
-
February 13th, 2006, 08:10 AM
#6
Member
I would concur that he probably had a keylogger.
but a few years ago found a few interesting things with yahoo, one of which was the ability to login to your account via the url and your hashed password (which was in the url). Lets just say i had some fun with that locally. Dont know if it was ever fixed, or changed, or what, but ya...
-
February 13th, 2006, 09:19 AM
#7
Member
This guy you were talking about was any smart or something, did he had a great grade where he worked for you to say he had "knoledge".
Now on the one hand, he could use a easy programable(there are tutorials everywhere) keyloger that could record your key strikes. Another fact is that he could use a different keylogger this time to steal your Cookies and decode them. Or he simple got to your computer while you weren't there and backed up some Cookies.
There are lot of posibilities, another plausible one is that someone who knew your password told him.
Anyways, good luck choosing an verry plausible scenario
The access to the computer or
anything else that shows us how the
world works must be total and
unlimited.
-
February 13th, 2006, 11:29 AM
#8
Funnily enough, there are no mentions here of how to remove the keylogger (if there is one). How long did he take to do it? If it took him about 20 seconds and you didn't see/hear him insert any disks, then it's probably a keylogger. So, ship yourself over to Lavasoft and download the Ad-Aware SE Personal executable to install it. Then, run it (preferably in safe mode).
I've also become quite attached to a-squared recently, so you may find that of use as well.
Cheers,
-jk
[edit] Oh, and change your password as soon as you can...
-
February 13th, 2006, 11:59 AM
#9
who needs a key logger?
there are stand alone tools to run from cd or Jump drive to extract passwords from chached files..
as for revenge.. foget it.. treat the demonstration as an example of security weakness... your habits..
as J_K9 said change your password..regularly.. dont cache your passwords (clear your browser cahce)...
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
February 13th, 2006, 12:42 PM
#10
Originally posted here by Und3ertak3r
there are stand alone tools to run from cd or Jump drive to extract passwords from chached files..
Hm...yeah, there are, but even using 350MB rainbow tables it will take at least a couple of minutes to crack the system passwords. And he would have heard something being plugged in, or a CD drive open...
Anyway, next time, don't let the guy on your computer - he obviously knows enough to discover your password, so you just want to secure yourself a bit more and change your password every couple of weeks. And deny him physical access to your PC
Cheers,
-jk
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|