08-06-2009, 04:23 PM
Wife's facebook and email accounts hacked...how? (Long)
08-06-2009, 04:36 PM
volcs0 wrote: Excellent article. Thank you very much!
08-06-2009, 05:24 PM
As said before, change all her passwords, now!
Has she been on any wifi networks lately? Most can be hacked, even if encryption is being used. Did she use public wifi somewhere? Did she connect to someone else's network while at her sister's? FB could well have been cracked. ALWAYS use a unique password for big sites. Make your profile visible to friends only (by default it's visible to everyone) and NEVER add friends you don't actually know, even if they know 100 of your friends. If you use POP, your password is sent in plain text. Keep that in mind. In IMAP it's encrypted. Use SSL when you can. There's a lot of ways the password could have been gathered, but you'll probably never know how. Mike Sellers wrote: Apps can't gain access to passwords.
08-06-2009, 06:13 PM
"If you use POP, your password is sent in plain text. Keep that in mind. In IMAP it's encrypted. Use SSL when you can."
POP over SSL has been available for years, so as a blanket statement that is incorrect. Some POP servers and clients have been set to be unsecure without SSL, but it is available in all current server and client implementations I am aware of. So "use SSL when you can" should apply to both POP and IMAP. "My best suggestion for passwords is to use what I call a 'modal' password. Eight letters and numbers." There is one major problem with this approach: by making all your passwords 8 characters long it is much easier to do a brute force crack. Once one falls to that, the others become easy. Varying the length makes it harder to guess since length is one of the parameters involved in randomizing.
08-06-2009, 06:31 PM
JoeH wrote: Yeah, that's what I meant. That's why I made it its own sentence. There's two issues - password encryption, and SSL. POP passwords aren't encrypted, IMAP passwords are. If you use SSL, then you also have a secure connection. If you use IMAP without SSL, your password is still not sent as plain text - unlike POP.
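Added example, not part of any post in this thread: which login methods a particular POP3 or IMAP server accepts, and whether they put the password itself on the wire when SSL/TLS is not in use, can be read from the capability list the server announces. The function names and the sample server responses below are constructed for illustration.

```python
import re

CLEARTEXT_SASL = {"PLAIN", "LOGIN"}          # password itself crosses the wire (base64 only)
CHALLENGE_SASL = {"CRAM-MD5", "DIGEST-MD5"}  # a digest crosses the wire, not the password

def _classify(mech, prefix, cleartext, challenge):
    if mech in CLEARTEXT_SASL:
        cleartext.add(prefix + mech)
    elif mech in CHALLENGE_SASL or mech.startswith("SCRAM-"):
        challenge.add(prefix + mech)

def pop3_methods(greeting, capa_lines):
    """Return (cleartext, challenge_response, starttls) from a POP3 greeting and CAPA reply."""
    cleartext, challenge, starttls = set(), set(), False
    # A server offering APOP puts a <timestamp@host> token in its greeting.
    if re.search(r"<[^<>\s]+@[^<>\s]+>", greeting):
        challenge.add("APOP")
    for line in capa_lines:
        words = line.upper().split()
        if not words:
            continue
        if words[0] == "USER":        # plain USER/PASS commands accepted
            cleartext.add("USER/PASS")
        elif words[0] == "STLS":      # upgrade to TLS is offered
            starttls = True
        elif words[0] == "SASL":
            for mech in words[1:]:
                _classify(mech, "AUTH ", cleartext, challenge)
    return cleartext, challenge, starttls

def imap_methods(capability_line):
    """Return (cleartext, challenge_response, starttls) from an IMAP CAPABILITY line."""
    cleartext, challenge, starttls = set(), set(), False
    words = capability_line.upper().split()
    if "LOGINDISABLED" not in words:  # the plain LOGIN command is accepted
        cleartext.add("LOGIN")
    for word in words:
        if word == "STARTTLS":
            starttls = True
        elif word.startswith("AUTH="):
            _classify(word[5:], "AUTHENTICATE ", cleartext, challenge)
    return cleartext, challenge, starttls

# Constructed sample responses (not captured from any real server).
POP3_GREETING = "+OK POP3 server ready <1896.697170952@mail.example.test>"
POP3_CAPA = ["TOP", "USER", "UIDL", "SASL PLAIN CRAM-MD5", "STLS"]
IMAP_OPEN = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=CRAM-MD5"
IMAP_STRICT = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"

if __name__ == "__main__":
    print("POP3       ", pop3_methods(POP3_GREETING, POP3_CAPA))
    print("IMAP open  ", imap_methods(IMAP_OPEN))
    print("IMAP strict", imap_methods(IMAP_STRICT))
```

An empty first set means the server refuses password-on-the-wire logins until TLS is negotiated; a mail client set to "password, normal" with no SSL/TLS uses whatever is in that first set.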
08-06-2009, 06:49 PM
My wife just got this email from Facebook Security:
"Hi xxxxx, Our systems indicate that your Facebook account has been compromised by cybercriminals attempting to impersonate you. These criminals often will try to trick your friends into sending them money by claiming that you are stuck in a far away location and need assistance. It is possible that your email account was compromised as well. As such, we have sent this email to all email accounts recently associated with your account. Obtaining access to a victim's email is one of the primary ways these cybercriminals have been operating. Please change the passwords to any email addresses associated with your account. Once you regain control of your Facebook account, be sure to verify that you control all of the email addresses associated with your account on the Contact Email section at: https://register.facebook.com/editaccount.php We strongly recommend that you select a new, unique password for any email address associated with your Facebook account. You should make sure to avoid using the same password for multiple sites. We also encourage you to visit the following page for more information about Facebook security and how to report suspicious material: http://www.facebook.com/security In order to regain control of your Facebook account reply to this email to get the account verification process started. Thanks, Facebook Security"
08-06-2009, 06:57 PM
If you ever use WiFi (besides your own, esp any non-encrypted ones) or a hotel then it is not very hard to sniff the packets and get all the passwords sent in the clear (such as POP and many, many websites requiring a log on).
08-06-2009, 07:16 PM
pinkoos wrote: I generally don't click links from emails that take me to sites where I have to log in. If I want to log in, I will go to the site directly. In general, it is safe, so long as you make sure the link in the URL is correct, but beware of phishing emails that look just like this one.
08-06-2009, 07:39 PM
pinkoos wrote: Excellent article. Thank you very much! :agree: It might be just the incentive I need to do some password housecleaning.
08-06-2009, 11:03 PM
cbelt3 wrote: great example, great system. I use the same too, except I go one more step. I have a very sophisticated method to generate the Public key. For example, one could use the last 4 characters in reverse order: Site is macresource, Private key is s4v#, Public key is ecru, password is then s4v#ecru. Site is appleswitcher, Private key is s4v#, Public key is rehc, password is then s4v#rehc. Of course, my method is different. Another useful tip: should you have to use a public (or a friend's) computer to log in to email or bank, don't type your password. There may be a keylogger (and perhaps your friend doesn't even know about it). Suppose the password is "password": type "pasurd", then use the mouse, click in between S and U, and type another S. So now you have "passurd". Then use the mouse, click again between S and U and type W. Now you have "passwurd". Go and click between W and U, type O, move one letter to the right (use arrow keys) and hit delete. Of course, when all this happens, you see some **** on the screen, so you have to have a good memory of what you type and where. Then the keylogger would just report a bunch of letters; no one can figure out the actual "paswurd".