-
July 7th, 2010, 08:52 AM
#1
So gmail was hacked
Hi Guys,
Got about a 4th mate whos gmail aco**** was compromised. Now they are not network gurus but I did train them to have complex password , more than 10 characters, mixed characters, number etc.
But they just let me know that two of there accounts was hacked.
What is the deal here?
They do not open a mail they are not 100 % sure of the legitamacy. AV running permanently on their PC. Without a keylogger in the background how is this being done.
Do you guys use Gmail or another service?
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
July 7th, 2010, 12:21 PM
#2
There was a unpatched 0-day floating around recently.
Other then that tell them to change there passwords secret question etc and to check it they have forwarding or pop3 enabled in settings etc.
also how often do they log into the actual gmail account from https://gmail.google.com ?
if it's like hotmail/live etc if you don't log into the actual e-mail account they shut the account down and others can re-register the account and get the past owners e-mails.
-
July 7th, 2010, 01:58 PM
#3
Tip....never believe users....they lie. They open stuff and click on links all the time.
Alot of the new malware is using social engineering and unpatched applications\oses ...just watched a great video on you tube about the varied attack vectors...specifically the Zeus variants
http://www.youtube.com/watch?v=CzdBCDPETxk
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
July 7th, 2010, 02:08 PM
#4
Junior Member
Originally Posted by morganlefay
Tip....never believe users....they lie. They open stuff and click on links all the time.
Alot of the new malware is using social engineering and unpatched applications\oses ...just watched a great video on you tube about the varied attack vectors...specifically the Zeus variants
http://www.youtube.com/watch?v=CzdBCDPETxk
MLF
agree with this comment.beware with shortlink at your inbox
-
July 7th, 2010, 02:25 PM
#5
Downloading now, thanks MLF.
edit: the 0 day attack you are talking about is Adobe reader, right?
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
July 7th, 2010, 02:44 PM
#6
Yes...adobe is definitely one of them
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
July 7th, 2010, 02:55 PM
#7
Originally Posted by morganlefay
Yes...adobe is definitely one of them
MLF
add a little ajax handling into that also.
also nice Video morgan
-
July 7th, 2010, 03:25 PM
#8
This 0 day you speak of Hybrid, tell me more. Are you referring to encoding an email with these scripts and gmail renders and runs the script within the email or is it an actual attack on the google servers since they are using AJAX improperly? DETAILS! GIVE THEM TO ME!!!..... please?
-
July 7th, 2010, 04:20 PM
#9
a little bit from column "A"
there are loads of "fun" 1 can have with badly handled ajax parsing for instance VB3.8.4 has a nifty ajax issue.
Last edited by HYBR|D; August 30th, 2010 at 12:36 AM.
-
July 8th, 2010, 08:26 AM
#10
Some of these guys save their user / password in a plugin to IE to save these passwords. They say that by doing this to autocomplete their credentials keyloggers cannot get hold of their data.
Strangely enough only the username / passwords saved here are the accounts that were hacked.
It is a legitimate plugin so what gives o_0 ...
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
Similar Threads
-
By MrLinus in forum Miscellaneous Security Discussions
Replies: 13
Last Post: August 26th, 2008, 02:16 AM
-
By SDK in forum General Computer Discussions
Replies: 0
Last Post: October 11th, 2004, 05:26 PM
-
By yourdeadin in forum AntiOnline's General Chit Chat
Replies: 12
Last Post: September 16th, 2004, 10:55 AM
-
By phunction in forum Web Security
Replies: 29
Last Post: September 8th, 2004, 10:47 AM
-
By MrLinus in forum Web Security
Replies: 3
Last Post: April 27th, 2004, 07:51 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|