I don't know. Lets say it spams the secret question/answer or something like another poster said. All i know mine was locked, and it was released when another person asked him to give it back.
Hotmail Account Hacked
- Thread starter Converge
- Start date
I don't know. Lets say it spams the secret question/answer or something like another poster said. All i know mine was locked, and it was released when another person asked him to give it back.
He was definitely spinning you a yarn. There is no way that some script kiddie sat in his bedroom trying not to wake up his parents whilst he's talking on a forum would have been able to remotely access the servers for administrative purposes.
incorporate a salt into the equation and you're talking a few billion years for an 8-character password.
Deleted member 651465
Deleted member 651465
16 digits including Alpha-numeric characters and symbols, randomly generated.
like this:
r736lKwCN,q}/l+2
Last edited:
...or used a PC on a LAN? Here's how trivially easy it is to capture someone's Hotmail password if you're using a PC on the same network as another user.
Alice reads her emails using Hotmail from work. She sits at her desk, using her work PC, which is free of any spyware or viruses thanks to the friendly IT department of the company she works for. Alice knows to use a complex password that can't be easily guessed, and she doesn't write it on a Post-It note stuck to the side of her monitor. She also makes sure nobody is shoulder surfing whilst she's typing in her password. She signs-on successfully, reads her emails and then makes sure she signs out of Hotmail before closing down her browser. Nobody else can access Alice's PC.
Bob sits at his PC, which is across the other side of the office from Alice. Bob can't see what Alice is doing on her PC, and can't see what she's typing. But Bob wants to access Alice's Hotmail account because he thinks she fancies him. So, Bob installs ethereal on his PC because he knows it can capture traffic flowing across the network. The company where Alice and Bob works allows users to install software on their own PCs, so he's not broken any company policy.
Bob launches ethereal and sets it to capture traffic during the lunch hour, as that's when he assumes Alice is most likely to read her emails.After the lunch hour is up, Bob stops ethereal from running and saves the log file it produced to a DVD (due to the amount of traffic captured). Bob takes the DVD home with him that night. When he's at home, Bob filters out all the traffic not destined for Alice's PC so that it's more manageable, and then scans all the traffic going to and from Alice's PC. Bob notices that Alice accessed the following URL - http://login.live.com - which he knows is the sign-on page for Hotmail. He notices that Microsoft don't encrypt the initial sign-on page which means that anything Alice types on that page will be transmitted in clear text. Bob then scans the subsequent packets until he finds Alice's username and password being submitted to Hotmail. Bob then accesses Alice's Hotmail account using her username and password that he obtained, and reads her emails. Bob is upset, however, to discover that Alice is actually a lesbian.
Remember, kids, accessing a sign-on page that is not encrypted means that you are potentially sharing your password with everybody else sat on the same subnet as you.
Alice reads her emails using Hotmail from work. She sits at her desk, using her work PC, which is free of any spyware or viruses thanks to the friendly IT department of the company she works for. Alice knows to use a complex password that can't be easily guessed, and she doesn't write it on a Post-It note stuck to the side of her monitor. She also makes sure nobody is shoulder surfing whilst she's typing in her password. She signs-on successfully, reads her emails and then makes sure she signs out of Hotmail before closing down her browser. Nobody else can access Alice's PC.
Bob sits at his PC, which is across the other side of the office from Alice. Bob can't see what Alice is doing on her PC, and can't see what she's typing. But Bob wants to access Alice's Hotmail account because he thinks she fancies him. So, Bob installs ethereal on his PC because he knows it can capture traffic flowing across the network. The company where Alice and Bob works allows users to install software on their own PCs, so he's not broken any company policy.
Bob launches ethereal and sets it to capture traffic during the lunch hour, as that's when he assumes Alice is most likely to read her emails.After the lunch hour is up, Bob stops ethereal from running and saves the log file it produced to a DVD (due to the amount of traffic captured). Bob takes the DVD home with him that night. When he's at home, Bob filters out all the traffic not destined for Alice's PC so that it's more manageable, and then scans all the traffic going to and from Alice's PC. Bob notices that Alice accessed the following URL - http://login.live.com - which he knows is the sign-on page for Hotmail. He notices that Microsoft don't encrypt the initial sign-on page which means that anything Alice types on that page will be transmitted in clear text. Bob then scans the subsequent packets until he finds Alice's username and password being submitted to Hotmail. Bob then accesses Alice's Hotmail account using her username and password that he obtained, and reads her emails. Bob is upset, however, to discover that Alice is actually a lesbian.
Remember, kids, accessing a sign-on page that is not encrypted means that you are potentially sharing your password with everybody else sat on the same subnet as you.
wouldnt a simple switch/router prevent all that? because those devices are smart enough to send traffic only towards the correct destination. I could understand if all the PCs were connected to a hub, then you would recieve all traffic, but on a modern network surely that wouldnt be possible as no1 uses hubs any more.
My computer is connected wirelessly to the main router in our house, my parents barely use the main computer which the router is connected to. No one uses this computer but me.
Microsoft have got me my account back, they said that there had been a breach in hotmail security and my email account along with a few others were compromised. They apologised and didnt say anything more than that...
*Closes hotmail account*
Microsoft have got me my account back, they said that there had been a breach in hotmail security and my email account along with a few others were compromised. They apologised and didnt say anything more than that...
*Closes hotmail account*
Microsoft have got me my account back, they said that there had been a breach in hotmail security and my email account along with a few others were compromised. They apologised and didnt say anything more than that...
*Closes hotmail account*
So if there was a breach and more than one account was compromised it might have actually been hacked... not your paticular account, but someone could have gained access to a secure hotmail server that holds these login details.
And keyloggers and all that aint as popular as a lot of the people pn here think.
When someone usually gets hacked it's because they have been phished. When a spoof site is made, that looks exactly like the real one, then when you enter your login details it simply sends them to someone. I've seen these phishing sites many times, especially for myspace and ebay.
It's so easy to do aswell, i could easily make one myself.
Last edited:
Soldato
- Joined
- 18 Oct 2002
- Posts
- 8,920
NEVER EVER EVER EVER use a free email account such as hotmail to sign up to anything. they are far to easily "hacked". really, your just asking for trouble.
They are no more easily broken into than any other account. In fact it's a beter to use a free account, otherwise whoever got in could access even more personal information.
Soldato
- Joined
- 18 Oct 2002
- Posts
- 8,920
with a isp account for example you can ring them up and say "oh noes ive been hax0red" etc. who do you call if a free one gets hacked. no one. you are pretty much ******
Permabanned
- Joined
- 2 Dec 2007
- Posts
- 265
I doubt a nobody phoning an ISP would get through security checks that easily, but it is possible. Most calls are recorded though. you'd have to have bottle to do that I suspect - and some luck.
He means that you don't get the support of an ISP, as they have a phone number to ring if something happens, whereas hotmail you don't.
But i was sorted with hotmail, it took a few emails to convince them instead.