Printable View
I have talked to a few friend who reckon that their hotmail accounts are getting hacked often and are having to change address's all the time.
One of them who's account got hacked had a very long password that is denfinatly unguessable but he still got hacked.
How can people do this, i have heard rumors that it is as easy as sending a e-mail somewhere that will send a password back; is it that easy???
Just wondering
Robert Davison
well you can easily brute force it with a program called munga bunga's HTTPBF but the chances of hotmail catching you is very high but I have never heard of that e-mail you are talking about
Ya. That's one way. Social engineering into convincing a user that they need to send their password or something. Never send passwords via email even if it's the ISP/host asks for it. If it's the host they should have high enough admin access to go in if they truly need to.
Another way would be using a tool like ettercap, which collects passwords as they travel past on a network.
Your friend could also have a Trojan/backdoor/keylogger installed on his computer that is storing/forwarding this information to the Scriptkiddy . Have you checked for any of these?
Cheers:
Quote:
Originally posted here by DjM
Your friend could also have a Trojan/backdoor/keylogger installed on his computer that is storing/forwarding this information to the hacker. Have you checked for any of these?
Cheers:
Could we please refrain from calling this person a hacker? come on now what self repecting hacker goes after hotmail accounts with a keylogger.
Sorry gore, lost my head for a second. I'll edit my post to read "Scriptkiddy".Quote:
Originally posted here by gore
Could we please refrain from calling this person a hacker? come on now what self repecting hacker goes after hotmail accounts with a keylogger.
Cheers:
yeah, i'd go with the keylogger idea, although Ms Mittens ettercap idea is plausible, i'd think your friends just got owned by the crackers (prolly that damn sub-seven?) anyway, any decent Anti-Virus will pick up on those common/popular trojans...
I agree with gore on that level, only script kiddies would waste thier time on hotmail accounts. It could be true that there is a backdoor/keylogger/trojan, but only a script kiddie or VERY amature/immature hacker would steal someone's hotmail account. Oh nad by the way most of those E-mail things are just frauds to steal YOUR password, so don't try them.
Sorry about that negative post DjM, my computer didn't update till after you changed it to scriptkiddie.
Yeah and then theres always keylogers, fake logins, and the dangers of useing a public PC. A keyloger will make logs of the keys you press and if your useing a friends connection or your useing the computers in your local library then someone could just walk up to that PC and nab a few passwords right out of cookies and things. A fake login would have that little signin button on some site... when you click on it things appear to be fine intil you try loging in & it might even hit up for additional info (IE) your location, Q&A, age, (ect).
Most of the kiddies who screw with mail usually know the peaple who own the accounts. Are you and your "Friends" networked like in a office or lan gameing party?
Dose your friend use a public terminal...if so dose he mention this to hotmail...some one could be sitting down after him.