Gmail accounts being hijacked like crazy

Page 4 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
datalink7

datalink7

Lifer
Jan 23, 2001
16,765
6
81
My gmail account got compromised yesterday. But no emails were sent out so maybe I caught it right as it happened. I immediately changed my password to something even more complicated (twice as long as before and threw in some extra symbols).
 
E

emgeiger1991

Junior Member
May 5, 2010
16
0
0
theevilsharpie said:
Please stop posting.
Click to expand...

Never! Why? just mad cause I know what it means along with https. I would just think it would be ridiculous to go out and preach this great thing that you wouldn't even know anything about it. He talks like he knows what he's talking about so i'm just trying to find out how much he actually does know.
 
E

emgeiger1991

Junior Member
May 5, 2010
16
0
0
GodlessAstronomer said:
I don't have a whole lot of respect for spidey07 in general but with regards to networking he knows his shit.
Click to expand...

me too, i'm certified, and i'm studying for another one, here's one of the questions on the study guide

Which item can easily create an unencrypted tunnel between two devices?
A. PPTP
B. AES
C. L2TP
D. HTTPS
Answer: C

Well would you look there it don't say that https is unecrypted
 
Crusty

Crusty

Lifer
Sep 30, 2001
12,684
2
81
emgeiger1991 said:
me too, i'm certified, and i'm studying for another one, here's one of the questions on the study guide

Which item can easily create an unencrypted tunnel between two devices?
A. PPTP
B. AES
C. L2TP
D. HTTPS
Answer: C

Well would you look there it don't say that https is unecrypted
Click to expand...

I'll paste it again so you can understand just one of the reasons WHY people are telling you to stop posting.

http://www.thoughtcrime.org/software/sslstrip/

Your data is only as safe as the network it is on, and since you really have no control over which networks your data passes over you have no idea if someone is hijacking your SSL session unless you know what to look for or the hijack is rather shitty.
 
JD50

JD50

Lifer
Sep 4, 2005
11,919
2,887
136
emgeiger1991 said:
me too, i'm certified, and i'm studying for another one, here's one of the questions on the study guide

Which item can easily create an unencrypted tunnel between two devices?
A. PPTP
B. AES
C. L2TP
D. HTTPS
Answer: C

Well would you look there it don't say that https is unecrypted
Click to expand...

This is why certification exams that only use multiple choice are worthless.
 
S

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
emgeiger1991 said:
Never! Why? just mad cause I know what it means along with https. I would just think it would be ridiculous to go out and preach this great thing that you wouldn't even know anything about it. He talks like he knows what he's talking about so i'm just trying to find out how much he actually does know.
Click to expand...

I was warning people on what is possible using HTTP which is sent in the clear, over the air, can be read by anybody in range of your wireless client or the access point. Hence why one should use HTTPS/SSL and verify the cert is good.

I then went on to explain there are programs to do a man in the middle attack on SSL which crusty even explained further even giving the name of this tool. So as a public warning to people that may not know, don't trust public wireless hotspots for any sensitive communications.

And also as a public warning, don't listen to people who don't know what they are talking about.
 
OutHouse

OutHouse

Lifer
Jun 5, 2000
36,410
616
126
shocksyde said:
I log into Gmail this morning and it says my account has been disabled. I go through the process of proving it's me and then see some sent emails to my friends that contain only a link. I have no idea where the link goes b/c I didn't click any of them.

I immediately changed my password and sent emails to those that received the hijacked spam links.

I am very careful about phishing sites and clicking on questionable links. I seriously doubt the hijacking was on my end. Is it possible Google is to blame for this? Normally I'd say, "No, I'm a moron, I clicked on something I shouldn't have," but at least 5 other people I know (none of whom are the ones my hijacked account sent emails to) had their account hijacked this morning.

Any insight as to what's going on? Anyone else get hijacked?
Click to expand...

my friends got jacked as well 2 weeks ago and she has a G1 android.
 
Last edited:
OutHouse

OutHouse

Lifer
Jun 5, 2000
36,410
616
126
Saga said:
Once again, I'm continually amazed at people using the word "hacked" as a legitimate stand-in for having poor password security.
Click to expand...

my friend who got compromised uses pass phrases not passwords. something like 'I love chocolate cake at 6AM!"
 
OutHouse

OutHouse

Lifer
Jun 5, 2000
36,410
616
126
emgeiger1991 said:
Never! Why? just mad cause I know what it means along with https. I would just think it would be ridiculous to go out and preach this great thing that you wouldn't even know anything about it. He talks like he knows what he's talking about so i'm just trying to find out how much he actually does know.
Click to expand...

lol, you are a classic example of a boot-camp paper cert. Spidey has more real world networking security experience in his toe cheese than you will ever have.

seriously stop posting until you can stop barfing up brain dumps. you just may learn something useful.
 
Last edited:
ScottFern

ScottFern

Diamond Member
Oct 23, 2002
3,629
2
76
Wow, and I thought it was some fluke thing. Happened to my professional job hunting email account with Google. I noticed only one email was sent out however probably because I rarely use the account.
 
T

tk149

Diamond Member
Apr 3, 2002
7,253
1
0
spidey07 said:
I was warning people on what is possible using HTTP which is sent in the clear, over the air, can be read by anybody in range of your wireless client or the access point. Hence why one should use HTTPS/SSL and verify the cert is good.

I then went on to explain there are programs to do a man in the middle attack on SSL which crusty even explained further even giving the name of this tool. So as a public warning to people that may not know, don't trust public wireless hotspots for any sensitive communications.

And also as a public warning, don't listen to people who don't know what they are talking about.
Click to expand...

Please explain this to me as if I were a kindergartener. Is it safe to access sensitive accounts (like bank account websites) using HTTPS over a public WiFi?
 
OutHouse

OutHouse

Lifer
Jun 5, 2000
36,410
616
126
tk149 said:
Please explain this to me as if I were a kindergartener. Is it safe to access sensitive accounts (like bank account websites) using HTTPS over a public WiFi?
Click to expand...

personally i would never do that. i view all public wifi hot spots as a party line and you have no idea who is listening.
 
Crusty

Crusty

Lifer
Sep 30, 2001
12,684
2
81
tk149 said:
Please explain this to me as if I were a kindergartener. Is it safe to access sensitive accounts (like bank account websites) using HTTPS over a public WiFi?
Click to expand...

I would never do it. It's the fact that you can't trust the network so you can't trust that your connection is secure. Pulling off a successful MITM SSL hijack isn't as easy as it sounds, but it's always a possibility, especially on networks you can't trust. That doesn't mean that the network operators aren't running their own SSL proxy to decrypt the traffic either, although I highly doubt many 'public hotspots' deploy such technology.

It's generally easier to get someones personal info through social engineering and more traditional spyware attacks than through an SSL hijack.

That being said, is it absolutely important that you must know your exact account balance while sitting in starbucks? Simple due diligence can avoid most problems.
 
Crusty

Crusty

Lifer
Sep 30, 2001
12,684
2
81
cliftonite said:
Is it safe to use a public wifi to RDP into your desktop at home and surf on the desktop?
Click to expand...

Depending on the RDP/VNC version, it will most likely send your username/password in plain text across the network. If you want to be secure on a public Wi-fi you need to be able to tunnel your entire network access to a secure network. Any traffic that leaks outside of the tunnel would help an attacker get access, including DNS requests.

Depending on what I'm doing, I usually tunnel a SOCKS proxy over SSH to my laptop and using firefox you can tunnel your DNS requests through it as well. If I need more general protection I'll fire up a VPN to my home or office.
 
Gibson486

Gibson486

Lifer
Aug 9, 2000
18,378
2
0
"Consecutive Lowercase Letters"

Yeah, except some sites do not have case sensitive passwords.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom