Jump to content

MSN/Hotmail password grabbing

silorenzo

By silorenzo
in Questions

 Share

Recommended Posts

silorenzo Newbie

silorenzo

Posted
Posted

A friend of mine is having problems with an ex boyfriend of her sister's. Apparently he is able to access and change their passwords at will. What methods are available to get the passwords either remotely or using some form of backdoor and, what, if any, ways are there of detecting them?

Cheers.

Link to comment
Share on other sites
manuel Newbie

manuel

Posted
Posted
A friend of mine is having problems with an ex boyfriend of her sister's. Apparently he is able to access and change their passwords at will. What methods are available to get the passwords either remotely or using some form of backdoor and, what, if any, ways are there of detecting them?

Cheers.

sorry to tell you, but we do not offer assistance with obtaining passwords like that. Secondly all I can say is "your friend's" passwords must be too simple, and the use of keyloggers may be in play.

Other than that, RTFFM here: http://www.hak5.org/forums/viewtopic.php?t=1674

Link to comment
Share on other sites
psychoaliendog Newbie

psychoaliendog

Posted
Posted

How to protect yourself from being 0wn3d

Step 1. SSL - encrypt any traffic containing passwords or personal information.

Step 2. Use Good Passwords - Use really long really jumbled up passwords, like these here https://www.grc.com/passwords.htm

Step 3. Don't tell ANYONE your password, nobody, not even if they promise to fix things.

So, If you want you can just reply with your account and password, and I'll just fix that up for you... (NOTE: see step 3)

Link to comment
Share on other sites
silorenzo Newbie

silorenzo

Posted
  • Author
Posted

Basically I am trying to figure out how this guy is managing to get access to the passwords seeing as he doesn't have physical access to the PC. I have seen the last password of the now compromised account and it wouldn't have been an easy to guess one being made up of chars and numbers and chars being mixed and not in the form of a word. So, this means he has a way of finding out without guess work. I am just looking for pointers on what I can check to look for signs of external access to the PC or if someone can confirm that it is possible to easily hack a password directly on the MSN website.

Cheers.

Link to comment
Share on other sites
VaKo Newbie

VaKo

Posted
Posted

What I would suggest is to go threw the accounts you have on the windows install, and change the passwords for all of them. Make sure that there 16 characters or more. Also, do a full anti-virus, malware, and rootkit scan on the PC. Then change the passwords to every single online account you can, change the secrete questions as well.

Link to comment
Share on other sites
armadaender Newbie

armadaender

Posted
Posted
Basically I am trying to figure out how this guy is managing to get access to the passwords seeing as he doesn't have physical access to the PC. I have seen the last password of the now compromised account and it wouldn't have been an easy to guess one being made up of chars and numbers and chars being mixed and not in the form of a word. So, this means he has a way of finding out without guess work. I am just looking for pointers on what I can check to look for signs of external access to the PC or if someone can confirm that it is possible to easily hack a password directly on the MSN website.

1. Is the computer on a wireless network? (if yes, see #2. If no then see #5)

2. Is the wireless network encrypted? (If yes see #3, If no see #4)

3. What form of encryption is implimented? (End of questions)

4. Then encrypt it. He's probably just sniffing the traffic and decrypting.

5. There may be a keylogger installed on her comp - check for any weird processes running and the back of her computer for any weird devices. Also, a version of VNC could be running. Check for that as well. (If nothing of either possibility, see #6)

6. Then he's probably leet and your friend is screwed.

I ran out of questions, can't think of anythign else right now (studying for exams and checking forums don't work well together). Anyone else have anything to add?

Link to comment
Share on other sites
audey Newbie

audey

Posted
Posted
Basically I am trying to figure out how this guy is managing to get access to the passwords seeing as he doesn't have physical access to the PC

your wondering how sum1 stole the pass without phisical access...

1. Its Hotmail

2. Its Hotmail

3. Its Hotmail

...I'm an idiot...

Link to comment
Share on other sites
CaveMan Newbie

CaveMan

Posted
Posted
your wondering how sum1 stole the pass without phisical access...

1. Its Hotmail

2. Its Hotmail

3. Its Hotmail

ok

i read this and laughed... not because it was a good response but because your too ignorant to understand the ammount of hours and effort put into making hotmail what it is today

Hotmail is accually extremely good, but its used for most things and it get spammed.

When you can write a better webmail client than hotmail, which needs to be able to repel hackers every day because of the insane popularity spammage of it, than i will take this all back and agree bout your hotmail comment

Link to comment
Share on other sites
Sparda Newbie

Sparda

Posted
Posted
"hen you can write a better webmail client than hotmail, which needs to be able to repel hackers every day because of the insane popularity spammage of it, than i will take this all back and agree bout your hotmail comment

Why would I need to? Google alredy did ;)

Link to comment
Share on other sites
jool Newbie

jool

Posted
Posted

So to summarize:

* Make sure it says https:// instead of http:// in front of the url when signing in to protect from sniffing.

* Choose a password that is hard to guess, you don't have to use a long random string that is impossible to remember just don't make it your username with a number added or something like that. A random sentence you can remember is much better than a password that you have to write down.

* Make sure your password recovery question is equally hard to guess since that is just as important as the password itself.

* wtfomfgbbqsausage hotmail is teh suxx0r cuz it's fr0m micro$oft lolz

* Gmail > Hotmail because Google isn't Evil<tm>, they are just indexing your whole life for your convenience and that could never ever change.

* Microsoft bashing got really old a couple of years ago but some think it's still fun.

Link to comment
Share on other sites
moonlit Newbie

moonlit

Posted
Posted
Cave man, Hotmail is run by microsoft...

you do the maths.

Stop being so fucking ignorant and I might listen to your PoV. There is nothing wrong with Microsoft, they're not the devil and nor is Bill Gates. You need to stop parrotting crap just because it's cool to bash Microsoft.

You explain to me why Microsoft are so bad and I might reconsider but I've had enough of little kids spouting this anti-MS shit for no intelligent reason,

Link to comment
Share on other sites
nico Newbie

nico

Posted
Posted
Cave man, Hotmail is run by microsoft...

you do the maths.

Stop being so fucking ignorant and I might listen to your PoV. There is nothing wrong with Microsoft, they're not the devil and nor is Bill Gates. You need to stop parrotting crap just because it's cool to bash Microsoft.

You explain to me why Microsoft are so bad and I might reconsider but I've had enough of little kids spouting this anti-MS shit for no intelligent reason,

When we will be able to buy ANY computer with no MICROSOFT inside, even no O/S inside (let's say it is just an option), I'll reconsider my point of vue of microsoft. For instance, it is just crap. For one laptop, I have to buy 1 windows. There's no way to be payback unless to go in justice (one guy in france tried. I think he succeded but he had to wait a long time).

For the rest, I don't care if it's crap or not. I won't use it anyway.

Link to comment
Share on other sites
cooper Newbie

cooper

Posted
Posted

So, let me summarise your logic:

You're unable to buy a computer without Windows on it.

You don't want to use Windows, so you're paying for something you don't want, feel extorted, and now hate Microsoft.

Everything that Microsoft has been involved in is now automatically crap and/or stuff you refuse to use on general principle.

The thing is, you can buy a machine without Windows. However while logic would suggest these systems should be cheaper than the regular ones, they in fact aren't because not installing that OS (to them) means they have to do something special, and that will cost you money. And typically more money than the legal OS image cost. Then you say "What?? $159 (or whatever) for not installing an OS???". Well, keep in mind that when you buy that preinstalled OS, you get it with truly monumental discounts. An example. The latest Pro version of Office will set you back in excess of 600 dollars, but when I order through my company I can get it for about 30, including shipping. And that's not because my company is sponsoring it. They have a volume deal.

Bottom-line is that you're free to claim that Microsoft is crap, but please use facts related to that specific assertion. So if you say Hotmail is crap, either back it up with logic, as opposed to pointing out the company that's currently running it, say you hate them, and thus the service is rubbish.

I mean, I don't trust Google, so I don't use their GMail and other services. I do however use their search engine, because as distrusting as I am with their other products, that search engine is working just fine for me.

Link to comment
Share on other sites
moonlit Newbie

moonlit

Posted
Posted

Stop being so fucking ignorant and I might listen to your PoV. There is nothing wrong with Microsoft, they're not the devil and nor is Bill Gates. You need to stop parrotting crap just because it's cool to bash Microsoft.

You explain to me why Microsoft are so bad and I might reconsider but I've had enough of little kids spouting this anti-MS shit for no intelligent reason,

I neva said anything about them "being the devil"

there OS is good but most things from microsoft THAT R FREE r crap

I just dont like them, there are many reasons why...

Adin: nico, so so true, i bought XP to install and a family member unwraped it and chucked the wrapping, $$$ down the drain, i cant get a refund. THAT

is what i call moneysucking

Perhaps you didn't but many who claim to despise MS and MS products and services suggest that MS is evil so I was covering some extra bases.

There isn't much wrong with Hotmail, it's a functional webmail service. You might prefer something else which is fine, each to their own but don't automatically spew this stuff about MS like it's a damn allergic reaction!

As for the final part of your post, read Cooper's post above.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...