• CONTEST ALERT - Experience the power of DDR5 memory with Kingston Click for details

Is this possible?

Status
Not open for further replies.

navjotjsingh

Wise Old Owl
Today my sister's orkut account got hacked and some other person was replying with her account on other's scraps. When my sister logged on and asked her who he was and how did he do this? He replied that you recently clicked some javascript link in your browser and cookies from the browser got transferred to his pc. And now he does not need user id and passwords to login to my sis's account. Is it possible. My sis got the password changed and he again logged back in. He reconfirmed that password change won't stop him. Is this possible?

And how to prevent this. As a precautionary measure I have removed complete firefox profile folders of my sister. I am using latest Firefox 2.0.0.2.
 

shashank4u

Youngling
i think u shud change the browser settings to default...
and i think after the password change he wud not be able to login in yr sis account.
also check for spyware,keyloggers.
 

Choto Cheeta

Rebooting
i think,

simply some how ur sis was manage to leak out her password :p or some one guessed it :p

well thats my view only :)
 

47shailesh

Security Exp
Hmm...

First a brief intro about GUID (Globally Unique Identifier)...

Whenever u click "remember me" on login based site a cookie is created with a GUID in it...this cookie stores password and username in it, so that user can be identified on the basis of GUID on his/her return....

GUID is a unique string..

Now getting back to question....

When ur sis clicked on an AD or on JS then those scripts executes and search for GUID in the cookie folder...

If they get one they stores it and return to there MASTER hehe in ur case to that prank....

Solution: clear all cookies... get the password change ur r safe then...

And too use Spybot search and destroy + AdAware to detect for any maleare present in ur system....

:)
 
OP
N

navjotjsingh

Wise Old Owl
More Interesting Info...my sis never uses remember be option. I suggested her using long before since time gets wasted in typing again and again but she never listened.
 

47shailesh

Security Exp
That is the most probable attack by JS that i have mentioned...

If that not the case then there can be N guesse for the reason...
 

piyush gupta

Cyborg Agent
If clearing cookies and changing password are not working check your system for malwares

i m sure this person is using some evil scripts for your account login
just a guess

Can he access your other account e.g gmail,yahoo etc.
 
Status
Not open for further replies.
Top Bottom