silorenzo Posted October 24, 2006 Share Posted October 24, 2006 A friend of mine is having problems with an ex boyfriend of her sister's. Apparently he is able to access and change their passwords at will. What methods are available to get the passwords either remotely or using some form of backdoor and, what, if any, ways are there of detecting them? Cheers. Quote Link to comment Share on other sites More sharing options...
Uncle Toxie Posted October 24, 2006 Share Posted October 24, 2006 I have marshmalllows, someone get the hot dogs! Quote Link to comment Share on other sites More sharing options...
manuel Posted October 24, 2006 Share Posted October 24, 2006 A friend of mine is having problems with an ex boyfriend of her sister's. Apparently he is able to access and change their passwords at will. What methods are available to get the passwords either remotely or using some form of backdoor and, what, if any, ways are there of detecting them?Cheers. sorry to tell you, but we do not offer assistance with obtaining passwords like that. Secondly all I can say is "your friend's" passwords must be too simple, and the use of keyloggers may be in play. Other than that, RTFFM here: http://www.hak5.org/forums/viewtopic.php?t=1674 Quote Link to comment Share on other sites More sharing options...
silorenzo Posted October 24, 2006 Author Share Posted October 24, 2006 I am not asking for assistance in getting passwords I am asking for ways of preventing someone from getting them Quote Link to comment Share on other sites More sharing options...
psychoaliendog Posted October 24, 2006 Share Posted October 24, 2006 How to protect yourself from being 0wn3d Step 1. SSL - encrypt any traffic containing passwords or personal information. Step 2. Use Good Passwords - Use really long really jumbled up passwords, like these here https://www.grc.com/passwords.htm Step 3. Don't tell ANYONE your password, nobody, not even if they promise to fix things. So, If you want you can just reply with your account and password, and I'll just fix that up for you... (NOTE: see step 3) Quote Link to comment Share on other sites More sharing options...
thisiam Posted October 24, 2006 Share Posted October 24, 2006 i would try changing the secret question. might be real easy to to figure out Quote Link to comment Share on other sites More sharing options...
silorenzo Posted October 24, 2006 Author Share Posted October 24, 2006 Basically I am trying to figure out how this guy is managing to get access to the passwords seeing as he doesn't have physical access to the PC. I have seen the last password of the now compromised account and it wouldn't have been an easy to guess one being made up of chars and numbers and chars being mixed and not in the form of a word. So, this means he has a way of finding out without guess work. I am just looking for pointers on what I can check to look for signs of external access to the PC or if someone can confirm that it is possible to easily hack a password directly on the MSN website. Cheers. Quote Link to comment Share on other sites More sharing options...
Sparda Posted October 24, 2006 Share Posted October 24, 2006 Boot a Linux live CD, change the password, login and see if 'he' knows it now. Quote Link to comment Share on other sites More sharing options...
VaKo Posted October 24, 2006 Share Posted October 24, 2006 What I would suggest is to go threw the accounts you have on the windows install, and change the passwords for all of them. Make sure that there 16 characters or more. Also, do a full anti-virus, malware, and rootkit scan on the PC. Then change the passwords to every single online account you can, change the secrete questions as well. Quote Link to comment Share on other sites More sharing options...
armadaender Posted October 25, 2006 Share Posted October 25, 2006 Basically I am trying to figure out how this guy is managing to get access to the passwords seeing as he doesn't have physical access to the PC. I have seen the last password of the now compromised account and it wouldn't have been an easy to guess one being made up of chars and numbers and chars being mixed and not in the form of a word. So, this means he has a way of finding out without guess work. I am just looking for pointers on what I can check to look for signs of external access to the PC or if someone can confirm that it is possible to easily hack a password directly on the MSN website. 1. Is the computer on a wireless network? (if yes, see #2. If no then see #5) 2. Is the wireless network encrypted? (If yes see #3, If no see #4) 3. What form of encryption is implimented? (End of questions) 4. Then encrypt it. He's probably just sniffing the traffic and decrypting. 5. There may be a keylogger installed on her comp - check for any weird processes running and the back of her computer for any weird devices. Also, a version of VNC could be running. Check for that as well. (If nothing of either possibility, see #6) 6. Then he's probably leet and your friend is screwed. I ran out of questions, can't think of anythign else right now (studying for exams and checking forums don't work well together). Anyone else have anything to add? Quote Link to comment Share on other sites More sharing options...
Sparda Posted October 25, 2006 Share Posted October 25, 2006 What dose your friend do on this computer? I mean, usage wise, becasue it might be time to switch to Linux ;) Kids, it's time to go Linux! :P Quote Link to comment Share on other sites More sharing options...
VaKo Posted October 25, 2006 Share Posted October 25, 2006 Linux sucks, Go *BSD. Quote Link to comment Share on other sites More sharing options...
nico Posted October 25, 2006 Share Posted October 25, 2006 Arfff...BSD or Linux...I don't care but PLEASE !!!! No Windows !!!!! Quote Link to comment Share on other sites More sharing options...
audey Posted October 25, 2006 Share Posted October 25, 2006 Basically I am trying to figure out how this guy is managing to get access to the passwords seeing as he doesn't have physical access to the PC your wondering how sum1 stole the pass without phisical access... 1. Its Hotmail 2. Its Hotmail 3. Its Hotmail ...I'm an idiot... Quote Link to comment Share on other sites More sharing options...
CaveMan Posted October 25, 2006 Share Posted October 25, 2006 your wondering how sum1 stole the pass without phisical access...1. Its Hotmail 2. Its Hotmail 3. Its Hotmail ok i read this and laughed... not because it was a good response but because your too ignorant to understand the ammount of hours and effort put into making hotmail what it is today Hotmail is accually extremely good, but its used for most things and it get spammed. When you can write a better webmail client than hotmail, which needs to be able to repel hackers every day because of the insane popularity spammage of it, than i will take this all back and agree bout your hotmail comment Quote Link to comment Share on other sites More sharing options...
audey Posted October 25, 2006 Share Posted October 25, 2006 ***** <--------- I'm an idiot Quote Link to comment Share on other sites More sharing options...
Sparda Posted October 25, 2006 Share Posted October 25, 2006 "hen you can write a better webmail client than hotmail, which needs to be able to repel hackers every day because of the insane popularity spammage of it, than i will take this all back and agree bout your hotmail comment Why would I need to? Google alredy did ;) Quote Link to comment Share on other sites More sharing options...
jool Posted October 25, 2006 Share Posted October 25, 2006 So to summarize: * Make sure it says https:// instead of http:// in front of the url when signing in to protect from sniffing. * Choose a password that is hard to guess, you don't have to use a long random string that is impossible to remember just don't make it your username with a number added or something like that. A random sentence you can remember is much better than a password that you have to write down. * Make sure your password recovery question is equally hard to guess since that is just as important as the password itself. * wtfomfgbbqsausage hotmail is teh suxx0r cuz it's fr0m micro$oft lolz * Gmail > Hotmail because Google isn't Evil<tm>, they are just indexing your whole life for your convenience and that could never ever change. * Microsoft bashing got really old a couple of years ago but some think it's still fun. Quote Link to comment Share on other sites More sharing options...
moonlit Posted October 26, 2006 Share Posted October 26, 2006 Cave man, Hotmail is run by microsoft...you do the maths. Stop being so fucking ignorant and I might listen to your PoV. There is nothing wrong with Microsoft, they're not the devil and nor is Bill Gates. You need to stop parrotting crap just because it's cool to bash Microsoft. You explain to me why Microsoft are so bad and I might reconsider but I've had enough of little kids spouting this anti-MS shit for no intelligent reason, Quote Link to comment Share on other sites More sharing options...
VaKo Posted October 26, 2006 Share Posted October 26, 2006 Ditto Moonlit, this isn't the 90's anymore. Quote Link to comment Share on other sites More sharing options...
nico Posted October 26, 2006 Share Posted October 26, 2006 Cave man, Hotmail is run by microsoft...you do the maths. Stop being so fucking ignorant and I might listen to your PoV. There is nothing wrong with Microsoft, they're not the devil and nor is Bill Gates. You need to stop parrotting crap just because it's cool to bash Microsoft. You explain to me why Microsoft are so bad and I might reconsider but I've had enough of little kids spouting this anti-MS shit for no intelligent reason, When we will be able to buy ANY computer with no MICROSOFT inside, even no O/S inside (let's say it is just an option), I'll reconsider my point of vue of microsoft. For instance, it is just crap. For one laptop, I have to buy 1 windows. There's no way to be payback unless to go in justice (one guy in france tried. I think he succeded but he had to wait a long time). For the rest, I don't care if it's crap or not. I won't use it anyway. Quote Link to comment Share on other sites More sharing options...
cooper Posted October 26, 2006 Share Posted October 26, 2006 So, let me summarise your logic: You're unable to buy a computer without Windows on it. You don't want to use Windows, so you're paying for something you don't want, feel extorted, and now hate Microsoft. Everything that Microsoft has been involved in is now automatically crap and/or stuff you refuse to use on general principle. The thing is, you can buy a machine without Windows. However while logic would suggest these systems should be cheaper than the regular ones, they in fact aren't because not installing that OS (to them) means they have to do something special, and that will cost you money. And typically more money than the legal OS image cost. Then you say "What?? $159 (or whatever) for not installing an OS???". Well, keep in mind that when you buy that preinstalled OS, you get it with truly monumental discounts. An example. The latest Pro version of Office will set you back in excess of 600 dollars, but when I order through my company I can get it for about 30, including shipping. And that's not because my company is sponsoring it. They have a volume deal. Bottom-line is that you're free to claim that Microsoft is crap, but please use facts related to that specific assertion. So if you say Hotmail is crap, either back it up with logic, as opposed to pointing out the company that's currently running it, say you hate them, and thus the service is rubbish. I mean, I don't trust Google, so I don't use their GMail and other services. I do however use their search engine, because as distrusting as I am with their other products, that search engine is working just fine for me. Quote Link to comment Share on other sites More sharing options...
audey Posted October 26, 2006 Share Posted October 26, 2006 ********* <--------- I'm an idiot Quote Link to comment Share on other sites More sharing options...
anyedie Posted October 26, 2006 Share Posted October 26, 2006 my favorite fix would be a good 31337 passphraise! Quote Link to comment Share on other sites More sharing options...
moonlit Posted October 26, 2006 Share Posted October 26, 2006 Stop being so fucking ignorant and I might listen to your PoV. There is nothing wrong with Microsoft, they're not the devil and nor is Bill Gates. You need to stop parrotting crap just because it's cool to bash Microsoft. You explain to me why Microsoft are so bad and I might reconsider but I've had enough of little kids spouting this anti-MS shit for no intelligent reason, I neva said anything about them "being the devil" there OS is good but most things from microsoft THAT R FREE r crap I just dont like them, there are many reasons why... Adin: nico, so so true, i bought XP to install and a family member unwraped it and chucked the wrapping, $$$ down the drain, i cant get a refund. THAT is what i call moneysucking Perhaps you didn't but many who claim to despise MS and MS products and services suggest that MS is evil so I was covering some extra bases. There isn't much wrong with Hotmail, it's a functional webmail service. You might prefer something else which is fine, each to their own but don't automatically spew this stuff about MS like it's a damn allergic reaction! As for the final part of your post, read Cooper's post above. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.