| Author |
RE: Boosting Security after being compromised? |
onejerlo
Member
Posts: 145
Location:
Joined: 02.11.08
Rank: Elite |
|
Chronologically ordered:
1.)Read up on possible attacks..scary..Man in the middle attack compromises all normal security.
2.)I finally convinced the guy to tell me why he thinks his account was hacked..it seems someone sent idiotic messages to his friends from the id.
Thought it was SMTP but decided to check other possibilities out as well.
3.)Went to his house,the guy is an idiot..he did everything I said..then decided to leave auto-complete on(firefox)..it was probably some relative/friend.
Note:The guy seems to enjoy "twilight"..weird..loads of posters..I ,for some reason,started thinking about matches...
While you read this message,corrupt politicians are gobbling up your hard earned money;rebels,armies and terrorists are torturing and killing hundreds of innocent men;companies are exploiting millions of people and ruining the environment,people are fighting each other on the basis of color,creed and religion and your nation is being slowly destroyed.
But whats REALLY worrying,is that I write color instead of colour. |
|
| Author |
RE: Boosting Security after being compromised? |
only_samurai
[IRC Rockstar]
Posts: 984
Location: idling in some random irc channel
Joined: 18.08.06
Rank: .|unranked|. |
|
|
onejerlo wrote:
3.)Went to his house,the guy is an idiot..he did everything I said..then decided to leave auto-complete on(firefox)..it was probably some relative/friend.
... well that's boring 
The problem with a fool-proof system, is eliminating the fool.
"His name is Cereal Killer...Like Fruitloops." If you cut me, I bleed binary.
http://blog.psych0tik.net/ |
|
| Author |
RE: Boosting Security after being compromised? |
stealth-
Member
Posts: 963
Location: Eh?
Joined: 10.04.09
Rank: God |
|
|
onejerlo wrote:
Thought it was SMTP but decided to check other possibilities out as well.
What does a mail protocol have to do with anything?
Glad you figured it out, though.
The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com |
|
|
| Author |
RE: Boosting Security after being compromised? |
onejerlo
Member
Posts: 145
Location:
Joined: 02.11.08
Rank: Elite |
|
Well,he said that emails were only SENT OUT..and he said he got the info from his friends..which means that they weren't in his sent folder....
And he had full access to his account.
The fellow probably(Relative/friend) deleted the emails in the sent folder.
While you read this message,corrupt politicians are gobbling up your hard earned money;rebels,armies and terrorists are torturing and killing hundreds of innocent men;companies are exploiting millions of people and ruining the environment,people are fighting each other on the basis of color,creed and religion and your nation is being slowly destroyed.
But whats REALLY worrying,is that I write color instead of colour. |
|
|
| Author |
RE: Boosting Security after being compromised? |
spyware
Member
Posts: 4158
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
Maybe someone just spoofed his mail address. Lots of spam bots crawl the interwebs for addresses.
The most censored HBH profile.
"The chowner of property." - Zeph“Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.” - Carl Sagan “Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert |
|
|
| Author |
RE: Boosting Security after being compromised? |
onejerlo
Member
Posts: 145
Location:
Joined: 02.11.08
Rank: Elite |
|
Yeah..As I said..that was my first reaction..but the mails were..."idiotic"..not marketing/ads.mostly random things like.."hey,I'm crazy"..
it was probably his little brother..
I have been thinking about the "Man in the middle attack"....
How about if someone sets up a server..installs a program which will allow it to receive encrypted message with the user name/password of his fav. sites..the server logs him in..takes the cookies and sends them to him..so even if someone attempts a man in the middle,he can only stay on for a few minutes..
This would work for most sites except those where the cookies change with the IP.
What would be better is if the sites came up with one time log in codes..
so that the server sends the code to the user,who can use it without ever sending the unencrypted password.
Loads of work but do you think it may work??
1 server would be able to serve a lot of people(even the mangiest of servers can handle multiple reqs. and cipher algorithms.)
since the key/one time pad(one time pad is better),would be decided,no problems.
*Assuming that no connection is thought to be secure..the fellow could also install the prog. by physically accessing the server.
While you read this message,corrupt politicians are gobbling up your hard earned money;rebels,armies and terrorists are torturing and killing hundreds of innocent men;companies are exploiting millions of people and ruining the environment,people are fighting each other on the basis of color,creed and religion and your nation is being slowly destroyed.
But whats REALLY worrying,is that I write color instead of colour. |
|
|
| Author |
RE: Boosting Security after being compromised? |
stealth-
Member
Posts: 963
Location: Eh?
Joined: 10.04.09
Rank: God |
|
For your first scenario, it's not practical to have to manually upload your passwords to a 3rd party machine. To be "secure", this would likely have to be on a completely different router and have the passwords uploaded via physical access. Not everyone can afford two routers and computers, either, or would they be okay with having a bank of your passwords stored on some remote server that's not theirs. There's also another problem with this, discussed a bit farther below.
In your second idea, where the server sends the key to the client, I'm not seeing your logic here. Without the password, how would the server know you are who you say you are? Aside from that part, if the server has to send you the keys, then that means the MitM can also read them. I think I might've misunderstood something in your post for that part.
The other problem with all ideas surrounding Mitm is that there is virtually no way to bypass it. A man in the middle can manipulate your queries in real time, inject/delete text into/from your data stream, change your dns results (facebook.com actually points to an attackers fake site, but you would never know), and read every encrypted transmittion that is sent along the wire.
Unfortunately, there just isn't really any practical setup that would integrate into the already setup framework and still be effective.
The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com |
|
|
Main:
