2/16/2007

How to prevent your mail account getting hacked

Mail account hacked! People say, 'Wow, hackers hacked it.' But do you think Yahoo, Gmail and Hotmail are sitting idle, watching their accounts get hacked? No. They have strong security policies. The only way your mail account can get hacked is if you make it possible. Hackers who can break into mail accounts using proper techniques will never target ordinary people's accounts. They will go after something bigger. Still, I'll tell you about some techniques that are used to make you reveal your password.

THE HOAX

Let's dispose of one technique that is absolutely a fraud (a fraud being something intended to deceive: deliberate trickery intended to gain an advantage). If you see a newsgroup post or web page with something like the following, it is a hoax and will not work.


(1) send an E-mail to passwordrecovery@yourdomainhere.com

(2) In the subject box type the screenname of the person whose password you wish to steal

(3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa

(4) Send the e-mail with priority set to "high" (red ! in some mail programs)

(5) wait 2-3 minutes and check your mail

(6) Read the message. Where YOUR password was typed before, NOW, the password of the screenname in the code string is there!!!

Why does this work? It's a special decryption-server that AOL-employees can use to decrypt passwords. The aolbackdoor account is a bot that reads your authentication from the message body and identifying you as a valid AOL Staff-member, you will get the password mailed back to you. The trick is that this Bot's script seems to be a little bit buggy and it automatically recognises you as a supervisor (AOL-Staff member), even if you use a normal AOL account. This means, that EVERYONE having a valid AOL account can hack as many other accounts as he wants.

This is just a scam to steal your password and may explain some of the calls we get from people saying they were hacked. Never give your password to anyone. No legitimate web service or customer service representative will ask for it or need it. There is no magic email address or series of commands that will reveal the passwords of users.

LOCALLY STORED PASSWORDS

Most browsers, including Internet Explorer® and Netscape®, the AOL® client, and Windows® Dial-Up Connections give you the option to store passwords. These passwords are stored on the local machine and (depending upon where and how they are stored) there is usually a method of recovering them. Storing any password locally is insecure and may allow the password to be recovered by anyone who has access to the local machine. While we are not currently aware of any program to recover locally stored AOL® passwords, we do not suggest that they are secure. Software does exist that can recover most of the other types of locally stored passwords.

TROJAN

A Trojan is a program sent to a user that allows an attacker to control functions of the target computer, recover information from the target, or delete or damage files on the target. The name Trojan is given because the program will usually come attached to some other program or file that entices you to run it. There is a wide variety of Trojans, any number of which can be programmed to capture passwords as they are typed and to email or transmit them to a third party. To protect yourself against Trojans, you should never download or execute software or files that are not from a trusted source. It is critical that anyone working on the internet use a virus protection program (which should catch most Trojans). Note that since a Trojan requires the password to be typed or stored in order to be recovered, this is not an effective way to recover your own password. It could explain, however, how someone could lose their password to a hacker. Sending someone a Trojan program is certainly illegal and we do not recommend or condone this activity. A Trojan is unlikely to be effective in recovering a particular account password since it requires the target to install it. However, hackers will often bulk mail Trojans to thousands of people in the hope that a small percentage will get caught. Legitimate account holders who may have been caught by a Trojan and can authenticate themselves should contact their service provider to have their account passwords reset.

SNIFFING

If two people do not share the same computer, but do share the same network, it may be possible for one to sniff the other's packets as they sign on. The traffic between your computer and the internet site you are accessing may be recorded and decrypted or "played back." This is not a simple attack to execute, but it is possible if two people are close to one another and share a hub. Again, this is likely to be illegal and we do not condone this activity.

BRUTE-FORCE ATTACK

Many people want to find software to perform a brute-force attack. This is really impractical. It would take hundreds of thousands of years to attempt any kind of reasonable brute-force attack on AOL®, Yahoo® or Hotmail® and this would expand exponentially if the password is longer than the minimum length. Using multiple computers or multiple sessions could reduce this to merely thousands of years. This is highly illegal since these services own the servers on which an account is hosted. Even if you are hacking your own account, you don't own the servers and the service is going to monitor and log this activity. It is extremely unlikely that you could recover a password in this way, but it is extremely likely that you'd be arrested and prosecuted for doing this.

SOCIAL ENGINEERING

Social engineering is the name given to the art of attacking the person, rather than the computer or system. The basic principle is that many people can be talked into giving someone else their ID and password if they think it is someone they can trust. For instance, I might call you and say I was from AOL and that I was finally getting around to responding to your technical support question. I would then ask you to describe the problem that you are having and tell you that we have a solution. However, I just need to verify the account. Can you give me the username and password again? A surprising number of people would fall for this obvious scam. There is no limit as to how elaborate this can be. The more information that is given by the caller, the more realistic or believable the call is. Again, never give your password to anyone. No legitimate customer service representative will ask for this information.

Most users fall prey to these techniques because they are not aware of them. Social engineering is a very common technique used by your friends or other people who know that you don't have much knowledge about computers. So, readers, beware: don't ever give your password to anyone by mail, as mail account providers never ask for your password by mail, and always use antivirus software to prevent Trojans from getting in. Last but not least, never leave without signing out.
4 comments:

Is AOL that stupid indeed?

I have got someone going and changing my password so I can't get on it. I know who is doing it because they didn't cover their tracks. How can I stop them from doing it again?

Have common sense. Never disclose your password to anyone, whatever they claim to be.
