How hackers hijack emails
This summer, a hacker sent waves through the tech world when he leaked hundreds of pages of secret documents pertaining to Twitter's business practices to the blog TechCrunch. After the blog published some of the documents, it conducted an interview with the pseudonymous hacker, who explained in detail how he infiltrated Twitter's defenses. The answer? By simply gaining access to one of the employees' Gmail accounts.
The post is fascinating in how meticulously it follows the hacker's strategy (and worth a full read):
Look at the front page of almost any web application and you will see hints at just how hopeless and helpless we are in managing our digital lives: “forgot my password”, “forgot my username”, “keep me logged in”, “do not keep me logged in”, “forgot my name”, “who am i?”. Features that were designed and built as a compromise since we are often unable to remember and recall a single four-digit PIN number, let alone a unique password for every application we ever sign up for. Each new service that a user signs up for creates a management overhead that collapses quickly into a common dirty habit of using simple passwords, everywhere. At that point, the security of that user’s entire online identity is only as strong as the weakest application they use – which often is to say, very weak.
In other words, the security of an individual, company or organization is only as strong as its weakest link. If only one employee in a 400-person company is engaged in unsafe internet practices, he can expose the entire infrastructure to risk.
This was a more sophisticated version of a hack carried out last year, when a politician's son gained entry to one of then-Vice Presidential candidate Sarah Palin's Yahoo email accounts. The hacker was able to use the "forgot your password?" prompts to get access, and many of the emails and images contained within them were leaked to the web.
On Wednesday, we received word that over 10,000 Hotmail accounts had been hijacked through a series of phishing scams. Once the email addresses had been compromised, the hackers accessed the contacts lists and spam-blasted links to scam retail sites that only allowed payment through non-reversible methods.
The Web site named in the snap shot above -- Koreadeal.com -- features page after page of listings for electronics, some at unbelievable prices (please avoid visiting the site, as a cursory scan indicates it may harbor malicious content). However, if you put any of these items in your cart and try to check out, you'll soon find out that the only way to pay for them is by transferring the money through a bank or Western Union (click the screen shot to the left). Both the Better Business Bureau and the Federal Trade Commission have urged consumers to avoid paying for online purchases via these methods -- which are essentially cash-based and nearly impossible to reverse.
As the article states, even once you've changed your password your account may still be compromised to some extent. Some hackers will change your email signature so it still links out to scam websites, meaning you could still be exposing your email recipients to malware and scams long after you thought the worst was over.
Broadband providers attempt to help consumers by managing their networks to combat spam, computer viruses, phishing scams, and other malicious software, but as stated by some incredulous tech bloggers, people are still falling for such scams. In a post titled, "Dear friends: Please stop falling for phishing attacks," Nicholas Deleon exclaimed, "Seriously, I don’t understand how, in the year 2009 (nearly 2010!) people can still fall victim to phishing attacks. Let’s make this clear: your bank, eBay, Google… NOBODY is going to ask you to 'validate your account' or anything like that. If you ever see anything even like that, then yes, it’s a scam."
While his disbelief is hyperbolic, his advice is sound. One should always be suspicious of any email asking you to log into your account. If you click on a link to do so, make sure you double-check the URL you're landing on. Is it the official website of the service you're trying to access? If not, click out of it.
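The URL check described above can be done mechanically. The following is an added example, not part of the original post: it parses a link the way a browser does and reports which host it really lands on. The `OFFICIAL_HOSTS` allowlist, the `checkLink` name and every sample URL are constructed assumptions for illustration.

```javascript
// Added example: does a link really land on the service's official site?
// OFFICIAL_HOSTS is an assumed allowlist; every URL in SAMPLES is constructed.
const OFFICIAL_HOSTS = ["ebay.com", "google.com"];

function checkLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Anything before '@' is a username, not the site being visited.
  if (url.username || url.password) {
    return { ok: false, reason: "text before '@' is not the site; real host is " + url.hostname };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Non-ASCII lookalike letters show up as punycode labels after parsing.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode host " + host + " may imitate another name" };
  }
  // Match on a label boundary: "notebay.com" and "ebay.com.evil.example" must fail.
  const match = OFFICIAL_HOSTS.find((d) => host === d || host.endsWith("." + d));
  if (!match) {
    return { ok: false, reason: "host " + host + " is not an official domain" };
  }
  return { ok: true, reason: "host " + host + " belongs to " + match };
}

const SAMPLES = [
  "https://signin.ebay.com/ws/login",                // genuine subdomain
  "https://ebay.com.account-validate.example/login", // brand used as a prefix
  "https://www.ebay.com@203.0.113.9/validate",       // brand hidden before '@'
  "https://notebay.com/",                            // brand as a suffix of another name
  "https://g\u043e\u043egle.com/accounts",           // Cyrillic 'o' lookalikes
  "http://www.google.com/accounts",                  // right host, no TLS
];

for (const link of SAMPLES) {
  const result = checkLink(link);
  console.log((result.ok ? "OK    " : "REJECT") + " " + link + " -> " + result.reason);
}
```

Only the first sample passes; the rest are rejected because the host that is actually contacted differs from the brand name visible in the link.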
Is Anyone Safe
When you hear about some of the recent exploits of the Anonymous group it makes you wonder if there is anything you can do to protect yourself from hackers. They seem to be able to go wherever they want to! - Alicante Aquiller
People listed in your e-mail contacts report being flooded with spam messages sent from your account. Or, you start receiving a bevy of "bounced" e-mails from random addresses you don't know. You aren't able to log into your account or change its settings, or you've discovered the settings have been altered. You attempt to use e-mail, and find it has been blocked by your provider.