Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 33

Thread: Worried and feeling low???????

  1. #21
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    This has seemed real suspicious for the starting to me so I'm going to ask you, why must you know how he did it? You seem to be asking for a step-by-step procedure on how he got your password and logged into your account.
    Whilst I agree with you Raion, and I think you are right to voice it, I would argue that he seems come from a place of genuine newbie curiosity.


    Jon the fluffer Frond
    Sarcasm is a way of life

  2. #22
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    If someone broke into something of mine, I would definitely want to know how they did it. Especially if it could assist me in preventing it from happening again. There is no harm in knowing how an attack is carried out, it is what you do with the knowledge that matters.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #23
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675

    Re: Worried and feeling low???????

    Originally posted here by bisht_kamal
    ...I am positivly sure that he did not knew the password...
    If this is legit.. I disagree. I am very confident he has done some shoulder surfing, can diving, listening in, etc. and acquired your login, then waited until the right moment so he could "display his skillz". It is one of the easiest (oldest) methods to gain access especially if your are not expecting someone (like a coworker) to do it.

    I used to do this and then walk up to the person, let them know that they should change their password. They would ask why? And then I'd tell them their password and how I acquired it. I've done it in grocery stores and told the patron their pin, and then told them to be more secretive about how they enter the numbers on the keypads. Some folks get pissed, but others would say, "No way! That was too easy, I'm getting it changed." Fortunately for them, I'm one of the good guys!

    Anyway, here's an easy test. Change the darn password, to one a good solid one, delete all the history, cookies, etc., as mentioned above, and then have him do it again! I will eat my words if he can!

    cheers
    Connection refused, try again later.

  4. #24
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I still say: you need to clear out all your cookies, login to Yahoo mail, and then sign in using SSL. Then see if he's then able to pull the same trick.

    If he can't pull it off this time, it's a session hijack, probably via a cookie. And if he did use some kind of aforementioned hijack, he probably does NOT have your password. He needed a cookie off your machine to pull it off.

    If he CAN pull off the same trick after you cleared the cache (use CCleaner!) and logged in via SSL, well, I'd say it was a keylogger. Another thing: if it was a k-logger, he's got your user name and password and can pull off the login to your Yahoo acc't from HIS workstation.

    You need to play with this guy a little bit. Don't overreact. Play it cool and glean from him what you can. Let us know.

    Maybe you could show him a trick on his machine. Tell him not to look, bring up a command prompt, then type in "format c:".

    You can always say you're sorry.

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #25
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I could be wrong. According to MSDN, SSL affords scant protection of your cookies:

    http://msdn.microsoft.com/msdnmag/i.../08/WickedCode/

    One more thing you might try on your associate, Kamal, is a little social engineering. Just ask the guy about session hijacking using cookies. If he gives you a "Huh?", just ask him, "The cookies thing, how'd you do it EXACTLY?"

    Make him think you're on to him (you are, aren't you?) and see how he reacts. Don't be intimidated or afraid of the situation. Just put him on the defensive...
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  6. #26
    Junior Member
    Join Date
    Mar 2003
    Posts
    28
    Being suspcious Ok, You have the right to be. I hope you remember your first days in the world of computer and networking. The itch that hits you right into eyes, when you see something out of the box happening. The wonder wand that you wished was yours when your saw the magician used to pull up a out-of-air rabbit. Did'nt you as a kid felt the curosity to know what was done. I think that is how everybody as a learner shold feel.

    Practical man and visiulaization !!! A lot of theroy has been given and beleive me it has helped me a lot. but then It is not my resolution. And that is why I am curious.


    Remeber it was your curosity that made you understand how to type in to computers >> Catch a fish >> Ride a Bike and if you remember that. Then you might, as well remember the joy of succeding in any one of them.

    I understand that what I am talking about is not something like diriving a bike, I can use this information to access somebodies account. May be I am tempted to and may be I am sane enough to value his/her privacy. But that does not means that learning to drive a bike and even after learning the Bike. I gaurantee I am not prone to accidents.

    I THANK YOU all for you efficent feedbacks. My Search will however continue.

    Also Raion, just think where we would all be if Newton and Bush would not have been curious to know why??????

    And think where you would be???

    Thanks all
    You were a real nice people to talk with.

    See you Raion.

  7. #27
    Greeting's

    Okay i have to post my questions again because you still are looking for the answer :

    1. Are you the owner and the only user of the computer ? (what i mean is do you only use it or does he have access to it. If he does have access what is the user level of access that he has)

    2. Do you use any kind of password storing application or do you even use IE AUTOCOMPLETE feature

    3. Did you clear your cache file after logging off ?

    If you just answer them, you will get your answer.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  8. #28
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    You said you logged off. I've seen plenty of instances where hitting the back key (after logging off) retrieves the last page you were on (including e-mail). It may not allow you to do anything without logging in (if you try anything, it'll usually give a timeout message), but I've seen it happen on a lot of pages. Yahoo may not be a page where this happens, but you never know.

    A.J.

  9. #29
    Hello there,

    I am sure he pulled out the data from ... one of the file.
    he blocked my veiw

    How can you specify what he did & be so sure about it, when you couldn't see anything!.

    Plus if I was the one with such a knowledge, then I wouldn't want any
    of my other associates knowing my secret capabilities, unless you are a
    very close friend, but then in this case I wouldn't hide anything from you.

    So I think that the best think for you to do is to persuade your friend to
    show you how he did it, then you can come and tell us.

  10. #30
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    The wonder wand that you wished was yours when your saw the magician used to pull up a out-of-air rabbit
    I have never been able to pull a rabbit out of a hat, but I can pull a hair out of my ar*e.



    Sorry guys..... I know.... but I couldn't help myself...... I mean what do you do when you see such a blatant comedy moment?



    The Fromedy Store
    Sarcasm is a way of life

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •