URGENT! Password Stolen

karnivore · May 18, 2007

Here's what happened.

A friend of mine can no longer log into her e-mail accounts with Hotmail, Rediffmail, Gmail, Ymail, simply because the “passwords” are not matching. She logged in yesterday at around 6:30 in the evening, from her office. But today she can't.

Apparently, she had a tiff with a colleague, who is supposed to be a computer wiz. She is afraid that he has got something to do with her stolen passwords.

Now what i am wondering is, if it is possible to steal passwords in way, other than using keyloggers. Can this be done by accessing the company servers? This guy and the computer admin are really good friends.

BTW, the company e-mail is working fine.

Can somebody throw some light on this. Also how can this be prevented.

Thx in advance.

kumarmohit · May 18, 2007

Ask her to check if the Caps Lock key is on, try typing it with the Caps key other way, else ask her to type password in notepad first then copy paste,

This is theoretically possible by using a Packet Sniffer, but some of these sites transport passwords in encrypted manner, Gmail for sure does it, so even packet sniffer would catch gibberish, just in case password is not sent thru a secure line, even then isolation of password is going to be very tricky.

Prevention - best is not to check email from computers @ risk,

And DO Not mess ppl who are computer wiz!!! :))

karnivore · May 18, 2007

kumarmohit

Thx for the prompt reply.

I don't think its a typing problem. She tried it from a cyber cafe as well. It seems she has a keylogger to deal with. Can u/anybody tell how to disable the keylogger.

And DO Not mess ppl who are computer wiz!!!

TRUE. She is learning it a very hard and painful way.

kumarmohit · May 18, 2007

Most of the antispywares can get rid of Keyloggers, try ad-aware se and Spybot S&D, they should be able to help.

it_waaznt_me · May 18, 2007

And also check for Ethereal or Cain and Abel packets on the lan. If its a window lan, CnA might be his tool of trade.

satyamy · May 18, 2007

the only solution is
Use
Forgot Password Option
& recover your Password

praka123 · May 19, 2007

Hotmail, Rediffmail, Gmail, Ymail, simply because the “passwords” are not matching.

all of 'em.cant believe. :-|

only soltn is to confront that guy before his higher officials.that's it.

kumarmohit · May 19, 2007

^^ Totally agree, if this person is misusung his knowledge, then he must be brought to face the consequences.

karnivore · May 20, 2007

Update on the story:

Yesterday when she reached office and opened IE, she found that somebody had set the home page to some message saying "Does someone need help". Can you believe this guy.

This guy has changed the details of all her accounts, ie. hint question etc and deleted her Orkut account.

She reported this to the higher authority, but since they don't have any direct proof, they are not going to take any action against this person. So she will be moved to the other room.

Needless to say, she is **** scared.

Well, can she report this to the police or something. Any means of stopping this bullying.

cyborg47 · May 20, 2007

Go bang that guy u doubt on!

outlaw · May 20, 2007

hmm... that guy's gud...

a solution - find a bigger whiz.
request him to hack this losers id's

then it will be fun...

satyamy · May 20, 2007

their are some software available to spy on PC's
you can google it & find out
like hiddencam, PC SPY etc.
these can record the whole thing & whatever work done on a PC

you can try this to find out at what time & what problem does someone do's to your PC
& what are his methods

or you can install software like remotely anywhere or similar to it
& access that PC from your home PC to syp on it
but you have to work hard like spying it for continue 24hrs

also do one thing
install ccleaner
& go to that section where you can find all the install component
right click & save a .txt file
& post it here
So we can understand how many & which software are installed in her PC

therockerz · May 20, 2007

Keylogger pfft.. Wasnt wise to access email accounts in a place filled with "Cyber-Hostility".

Well ofcourse there are lot more ways to get passwords than just keyloggers.

What she can do now , is create a new email address , or hack back that other email address , or contact hotmail , and try to get back that account or whatever (very less chance of getting back that address).

You cant complain to police that a guy hacked your FREE WEBMAIL ACCOUNT!!

bbalegere · May 20, 2007

I think she used the same password for all.
gmail and yahoo use secure connection.
But if she logged into some other service like rediffmail without any secure connection,then i think the Computer whiz has sniffed out the password with the help of the Network Admin.
The best thing is to ask to him to reveal the password or wait for him to login into your account and try sniffing it yourself.

The rule is to secure connection

ironcross77 · May 31, 2007

I think its too late. Sorry I did not visit the forum for a long time.
If she was using firefox and did enable the remember username and password checkbox then it is child's play to get the password. Just go to Tools->Options->Security->Show Passwords.

Also there is a severe flaw in rediffmail. If after logging off from rediffmail you do not close the browser windows, then with the window open one can retrive the hash and salt of your password using SQL injection. It then takes 3 to 4 hrs for online websites to crack the encrypted password.

Also if you try to login back to your orkut account (even if with wrong password 3 times in a row), even after your account is scheduled for deletion, it is not deleted.

But it is too late now.

ECE0105 · Jun 5, 2007

karnivore said:
Update on the story:

Yesterday when she reached office and opened IE, she found that somebody had set the home page to some message saying "Does someone need help". Can you believe this guy.

This guy has changed the details of all her accounts, ie. hint question etc and deleted her Orkut account.

She reported this to the higher authority, but since they don't have any direct proof, they are not going to take any action against this person. So she will be moved to the other room.

Needless to say, she is **** scared.

Well, can she report this to the police or something. Any means of stopping this bullying.

Well, your friend has still not learn t her lesson.... did she?
I guess it is too late to do anything except mebbe kick the guy on the butt and ask him to spill the new pwds or create new accounts....

URGENT! Password Stolen

karnivore

in your face..

kumarmohit

Technomancer

karnivore

in your face..

kumarmohit

Technomancer

it_waaznt_me

Coming back to life ..

satyamy

Alive Again...

praka123

left this forum longback

kumarmohit

Technomancer

karnivore

in your face..

cyborg47

Technomancer

outlaw

De@d

satyamy

Alive Again...

therockerz

Broken In

bbalegere

Broken In

ironcross77

Broken In

ECE0105

In the zone