Some hacker bought something on my eBay account!! WHAT!

That would be cracking.

No it isn't. Cracking is a subset of hacking where the attacker attempts to break the thing they are hacking. Or alternatively, cracking a password by guessing or decrypting it.

I don't think you know what you are talking about. I do this for a living.

Break into... That would make "hacking" redundant. Cracking a password isn't "breaking" it as such though, is it? It's to bypass security or get through it. You say it as if cracking is just the process of breaking something and that's it.

I literally don't understand this word salad.

Stealing a password to gain access to a system, via phishing or any other means, is hacking. The OP's account was hacked. It's that simple.

If you disagree then you have a bizarre definition of hacking that isn't shared by the professional InfoSec community.
 
my Amazon account was hacked, they changed the login details, they returned £250 of stuff, which went onto a gift card which they never received!
when I got my account back the gift card was still there. I told Amazon about all this, and they didn't care about the extra money in my account to use, so I guess it was a sorry for the inconvenience thing
 
I have a simple way of defeating these phishing emails, and that's don't open the link. If it looks real enough to concern you, go manually to eBay/PayPal and check there.

have a good, hard-to-guess password with good entropy
 
Also, you can enable 2-factor on PayPal now, so you have to put a one-time password from your phone into the login screen before you can execute a transaction.

I already use 2-step on Google and use a text verification code for PayPal.

PP security key, as they call it, isn't great.

1) [screenshot: bTHg9qr.png]

2) [screenshot: yUa3TGU.png]

BTW, remember when the OP had his TeamViewer account hacked? :p
 
No - I live alone, I'm paranoid about security - my office has heavy bolt locks on it and out of trained habit I put all my devices in here at night - The house is also secured with a professional grade commercial alarm & CCTV. I take physical and digital security equally seriously - hence the absolute shock.

On a shock scale of 1 to 10, how would you rate this latest hack vs the Teamviewer one above from a few months ago?
 
Yeh that sucked as well! Haha, deleted my account on TeamViewer, 3-4 people I know got hacked in various accounts in the past week, one of which is majorly net savvy and has basically discovered it's colossal server farms in China hacking en masse, it's apparently becoming more automated and successful, he recommends never using any known word in any password ever again, at the least keep your passwords something like this example:

Bdj8) 8(8@56)8(5dndnajdjsjsbxh(8:85%8£8::88:8(8'5(8(88=5(2(41(33(5)5

Or similar :-P
 
Funny thing about those passwords though. Crazy long complicated passwords like that only really protect from brute force attacks. Most websites worth their salt wouldn't allow brute force attacks at all.
Passwords like Bdj8) 8(8@56)8(5dndnajdjsjsbxh(8:85%8£8::88:8(8'5(8(88=5 (2(41(33(5)5 are impossible to remember and a pain in the neck to type in every time. However, computer programs see no difference between what we recognise as words and a jumble of random characters. A basic script kiddie will start with a dictionary set, but advanced hackers will use algorithms that can include whatever character set you choose. Of course, the longer the password and the wider the character set you use, the longer it takes to brute force a password, but that won't protect you if there is a vulnerability or leak somewhere.
As for the TV/RDP issue... the easiest step in securing that is to use a non-standard port. Everyone knows if 3389 is open then you can make an RDP attempt. Not sure how you would change the default port on TV though, as I rarely use it at work and it's not used in an 'always on' environment.
I would be very dubious about the Apple account hack being at Apple's end. After the 'fappening' thing a year or so ago, you would think that Apple's security would be tightened. I believe that was all down to the iCloud accounts having easily guessed passwords or passwords obtained through social engineering.
As I said earlier in this thread, there is a social engineering (phishing) thing going around for iTunes at the moment.
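The post above makes two points that are easy to check with a few lines of arithmetic: the search space grows with both length and character-set width, but a "word plus digits" password is far smaller than its length suggests because the attacker guesses dictionary words, not every letter string. The following is an added example, not code from anyone in the thread; the character-class sizes, dictionary size and the guess rate are constructed assumptions for illustration.

```python
import math

# Constructed assumptions (not from the thread): printable-ASCII class sizes
# and an illustrative offline guess rate against a leaked password hash.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 32
FULL_CHARSET = LOWER + UPPER + DIGITS + SYMBOLS      # 94 printable characters
GUESSES_PER_SECOND = 10**11                           # assumed cracking rate


def keyspace(charset_size: int, length: int) -> int:
    """Distinct passwords of `length` characters drawn uniformly from a charset."""
    return charset_size ** length


def pattern_keyspace(dictionary_size: int, digit_count: int) -> int:
    """Search space of the 'dictionary word + N digits' habit (e.g. 'password123').

    A wordlist attack only has to try each word once per digit suffix,
    so the letters contribute log2(dictionary_size) bits, not 8 * log2(26).
    """
    return dictionary_size * 10 ** digit_count


def entropy_bits(space: int) -> float:
    """Bits of entropy for a uniformly chosen password from `space` candidates."""
    return math.log2(space)


def seconds_to_exhaust(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate


def compare_passwords() -> dict:
    """Entropy and exhaustive-search time for three password styles."""
    candidates = {
        # 'password123' style: ~100k-word dictionary plus three digits
        "word+3digits": pattern_keyspace(100_000, 3),
        # 8 random characters from the full printable set
        "random8": keyspace(FULL_CHARSET, 8),
        # 64 random characters, the password-manager approach from the thread
        "random64": keyspace(FULL_CHARSET, 64),
    }
    return {
        name: {"bits": round(entropy_bits(space), 1),
               "seconds": seconds_to_exhaust(space)}
        for name, space in candidates.items()
    }


if __name__ == "__main__":
    for name, result in compare_passwords().items():
        print(f"{name:13s} {result['bits']:7.1f} bits  "
              f"{result['seconds']:.3g} s to exhaust")
```

The "word+3digits" style comes out near 27 bits, which is why the post's observation that leaks and phishing matter more than length is the practical one: an offline attacker with a leaked hash exhausts that space in well under a second at the assumed rate, while the 64-character random string is beyond any brute force and only falls to a leak of the password itself.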
 
Yeah but, it's apparent a massive Chinese server farm can use brute force pretty well if you're running millions of systems - and most people on average will use a word and some numbers, like

'password 123' , 'password 213' etc

If you do it enough you can build up further data of the common ones, while computer programs see no difference - humans do - so you program the computer to hunt as if simulating human thinking for passwords, the structure and common layouts etc.....

However if you have a password manager -- store that file locally -- and every single one of your accounts is a 64 digit random caps/small/digit/symbol .......... then you step away from common patterns and every single account you have becomes a nightmare for hacking farms - and even if billions to one they guess one single account, then it doesn't matter, all the other ones are different.
 
Yes. My point was, most websites these days, for financial stuff especially, will not allow brute force attacks of any kind. Get the password wrong 3 times and your account is locked, or something similar. I believe it's a very 'old fashioned' way of hacking unless you have a way to somehow use an exploit to stop the server counting how many attempts have been made.
I don't believe that giant Chinese server farms would be remotely interested in hacking the average householder. There is far more money to be made by attacking businesses and stealing data. Social engineering is a far more effective method of getting into individual PCs, as it just requires them sending out a few 100,000 emails and getting maybe a 1% response. Brute forcing individuals' computers is just a massive waste of resources for little to no return on investment.
My guess would be 99% of the average individual being 'hacked' would be down to being an unlucky respondent of a phishing email or other data/credential breach rather than a specific targeted attack.
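The lockout the post describes ("get the password wrong 3 times and your account is locked") is what turns online guessing from a question of password entropy into a question of how many attempts the server will accept per day. The following is an added example, written here rather than taken from the thread or any real site's code; the three-strike limit and the 15-minute lockout are assumed policy values.

```python
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400


@dataclass
class AccountState:
    failures: int = 0        # consecutive failed attempts since last success/lock
    locked_until: float = 0  # unix-style timestamp; 0 means not locked


class LoginThrottle:
    """Server-side lockout: `max_failures` wrong passwords lock the account
    for `lockout_seconds`, during which even the correct password is refused."""

    def __init__(self, max_failures: int = 3, lockout_seconds: int = 900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.accounts: dict[str, AccountState] = {}

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        state = self.accounts.setdefault(user, AccountState())
        if now < state.locked_until:
            return "locked"           # lockout still active, no counting
        if password_ok:
            state.failures = 0        # success resets the counter
            return "ok"
        state.failures += 1
        if state.failures >= self.max_failures:
            state.failures = 0
            state.locked_until = now + self.lockout_seconds
            return "locked"
        return "denied"

    def max_guesses_per_day(self) -> int:
        """Upper bound on online guesses an attacker gets against one account
        if they time attempts perfectly around each lockout window."""
        windows = SECONDS_PER_DAY // self.lockout_seconds
        return windows * self.max_failures


def days_to_exhaust(space: int, guesses_per_day: int) -> float:
    """Worst-case days to try every candidate at the throttled rate."""
    return space / guesses_per_day


if __name__ == "__main__":
    throttle = LoginThrottle()
    for t, ok in [(0, False), (1, False), (2, False), (10, True), (1000, True)]:
        print(t, throttle.attempt("alice", ok, t))
    # Constructed: ~100k dictionary words x 3 digits, a 'password123' style space
    per_day = throttle.max_guesses_per_day()
    print(per_day, "guesses/day ->",
          f"{days_to_exhaust(100_000 * 1000, per_day):.0f} days")
```

With three attempts per 15-minute window the attacker gets 288 guesses a day, so even the weak "word plus digits" space takes centuries to search online; that is the arithmetic behind the post's claim that online brute force is an old-fashioned approach and that the realistic route is a credential leak or a phishing reply. The trade-off a defender has to keep in mind is that a strict lockout also lets an attacker lock legitimate users out by deliberately failing, which is why many sites pair it with rate limiting or step-up verification instead of a hard lock alone.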
 