1. Dismiss Notice
  2. Download free Tapatalk for iPhone or Tapatalk for Android for your phone and follow the SDN forums with push notifications.
    Dismiss Notice
Dismiss Notice
Visit Interview Feedback to view and submit interview information.

hacking into anothers email ?!?!

Discussion in 'Pre-Medical - MD' started by nope80, May 4, 2004.

  1. nope80

    nope80 Resident
    10+ Year Member

    Joined:
    Apr 10, 2004
    Messages:
    1,094
    Likes Received:
    6
    Is it possible to hack into another person's email account (like a hotmail/yahoo account) and read their messages?? How would one know for sure if this were happening to them? :eek:
     
  2. Note: SDN Members do not see this ad.

  3. Bones2008

    Bones2008 waiting for retirement
    7+ Year Member

    Joined:
    Oct 19, 2003
    Messages:
    551
    Likes Received:
    0
    Status:
    Medical Student
    Of course it's possible, all one would need is your email address and password. Try sending yourself emails from friends' accounts that sound important or whatever and see if they disappear. You should probably change your password as a first step, though.
     
  4. BklynWill

    BklynWill EM Attending
    10+ Year Member

    Joined:
    Dec 7, 2003
    Messages:
    559
    Likes Received:
    1
    Status:
    Attending Physician
    If you change your password, be sure to include special characters, such as: %,$,&, etc... With new technology, simple word or phrase passwords can be figured out in less than a minute.
     
  5. nope80

    nope80 Resident
    10+ Year Member

    Joined:
    Apr 10, 2004
    Messages:
    1,094
    Likes Received:
    6
    Oh yeah..well i know if they had my password it would be possible to login but i'm almost 300% sure that it would be IMPOSSIBLE to figure my password out. There isn't anyway through some crazy special code that they could have FOUND my password-or were given it through some special program?

    Thanks.
     
  6. vixenell

    vixenell don't stop me now
    7+ Year Member

    Joined:
    Dec 31, 2002
    Messages:
    692
    Likes Received:
    0
    People can use your clue questions to change your password on yahoo... so don't make the answer to that question obvious (ie, don't do something like mother's maiden name, unless you intentionally put the wrong one).

    But for major mail services (yahoo, hotmail), they will never send your actual password; they'll just give you the option to change it; so the obvious way to tell if someone has "hacked" it is if your password doesn't work all of a sudden.
     
  7. traumamonkey

    traumamonkey mid-level resident
    7+ Year Member

    Joined:
    Sep 23, 2003
    Messages:
    253
    Likes Received:
    0
    Status:
    Resident [Any Field]
    are you finding messages that you haven't read marked as read? or do you have reason to suspect that there's someone trying to get into your mail for some reason?

    i basically assume that anything is potentially public knowledge, or that someone can crack it. changing passwords frequently and not using the same one is a good deterrent though....
     
  8. NDESTRUKT

    NDESTRUKT Fadeproof
    10+ Year Member

    Joined:
    Jul 7, 2003
    Messages:
    1,168
    Likes Received:
    6
    Status:
    Fellow [Any Field]
    you can have ur actions on the computer monitered if someone has spyware on your computer. run a virus check, then run a spyware check.
     
  9. BubbleBobble

    BubbleBobble Where's the "any" key?
    7+ Year Member

    Joined:
    Nov 22, 2003
    Messages:
    394
    Likes Received:
    1
    The only thing you have to worry about (realistically) is remembering to close your browser if you use Yahoo/Hotmail. If you leave your browser open, someone could just go back through the page history and access your account.

    Is there any non-realistic way someone could have access to your account? Sure. It's possible to use spyware to install a keylogger on your machine, recording your keystrokes and hence finding out your passwords. But this is highly unlikely.
     
  10. Grrrr. Can you clarify this? Now I'm all paranoid. I have passwords for about 10 things and they are all the same but without these special characters. Should I go change them all?
     
  11. ttac

    ttac Trust me, it's still fun.
    10+ Year Member

    Joined:
    Dec 10, 2001
    Messages:
    671
    Likes Received:
    2
    Status:
    Resident [Any Field]
    Always, Always, ALWAYS click on the "logout" button in webmail, especially if you are on a public computer.

    Our mail interface at our school is susceptible to the "referer bug" which basically means that if one is using webmail and clicks on an embedded url in an email, the server that is hosting that site can read the HTTP_REFERER variable and have access to your inbox. To check if you are vulnerable to this bug, copy the URL the next time you are using webmail, and email it to someone. Ask them to click on it within the next 5 minutes and see if they can access your inbox.

    Basically, the way it works is this:

    1. When you use webmail, if you notice, the URL contains the session id (sid) that is all you need to access your inbox. For example, mine is something like:

    http://webmail.drexel.edu/en/mail.html?sid=gsgeny3gNgk&lang=en&cert=false

    With this information, anyone can access your inbox until your session expires (60 minutes later) or you click logout.

    2. When you click on an embedded link (one that is in your email), the server gets a variable called HTTP_REFERER that tells who is accessing their website. All they have to do is copy that URL into their browser, and they will be able to access your account.

    Moral of the story: Never click on an embedded link in webmail. Always copy and paste it into the browser URL box.

    If you are using a shared computer, don't forget to click "logout". Otherwise the next person that uses the internet browser can just access the last sites that someone visited and scroll down to any of the unexpired webmail sessions, and get into anyone's mailbox.

    Here's a more technical explanation:

    http://www.cotse.com/mailing-lists/bugtraq/2000/Jan/0132.html
     
  12. ttac

    ttac Trust me, it's still fun.
    10+ Year Member

    Joined:
    Dec 10, 2001
    Messages:
    671
    Likes Received:
    2
    Status:
    Resident [Any Field]
    p.s. I randomly scrambled the session id variable in my previous post, so don't even BOTHER trying to get into my mailbox with that ;)
     
  13. TRUE

    TRUE slacker extraordinaire
    7+ Year Member

    Joined:
    Jan 12, 2004
    Messages:
    776
    Likes Received:
    2
    It is highly unlikely your password will be guessed especially if it's not anything related to your personally (date of birth, name, etc...). If it's a series of random or semi-random charracters and it is of a reasonable length (6 characters or more), then a brute force hack of the password would take years on an a very fast computer. Highly unlikely.

    Just make sure your password is semi-long (6 characters is good), not personal, and hopefully a mix of random letters/numbers that are not on a word list (that's the other way passwords can be guessed--dictionary attacks). Still, after all this, it's pretty hard for your password to be guessed.
     
  14. fullefect1

    fullefect1 Senior Member
    10+ Year Member

    Joined:
    Feb 23, 2003
    Messages:
    790
    Likes Received:
    0
    If you have a trojan program with a keylogger you can get anyones password within a couple minutes, assuming that they type their password in everytime they log on. As long as you have an up to date Anti-Virus program you should be able to detect trojans on your computer.
     
  15. kingcer0x

    kingcer0x Re-Member
    10+ Year Member

    Joined:
    Jun 10, 2003
    Messages:
    466
    Likes Received:
    7
    Status:
    Resident [Any Field]
    just assume the worst: anyone can read your email, listen to your phone conversations, or use video cameras to spy on you at any time. Just don't write/say/do anything using electronic communication that you dont want anyone to hear. (edit: or see, or post, or sell)

    Note: if people do read your email / tap your phone / video tape you without your consent, in most cases it is a FELONY. I think there is a case of someone breaking into an ex-lover's email recently... that person was charged with a FELONY. Do not pass go, do not collect 200 dollars, do not every go anywhere in life with your FELONY conviction... lol. i like saying felony... FELONY!

    However, the police and government can do this with a court order or if they think you are planning crimes against the country... especially with email. EMail is fair game. So are seemingly harmless internet message boards... :smuggrin:
     
  16. Baditude

    Baditude Senior Member
    7+ Year Member

    Joined:
    Aug 5, 2003
    Messages:
    241
    Likes Received:
    3
    A few months ago I started receiving emails from people I have never heard of asking me to remove them from my mailing list..... This was the clue that someone had hacked into my account!!! I had to wipe my whole computer because they also infected my computer with a virus and I had to have my cable modem reset because due to security measures my computer was locked. So I am much more careful with my accounts now!!!!!
     
  17. BubbleBobble

    BubbleBobble Where's the "any" key?
    7+ Year Member

    Joined:
    Nov 22, 2003
    Messages:
    394
    Likes Received:
    1
    This probably means your email was "spoofed," or used as the sender without your permission, and not that you got a virus.

    Ex: I go online and for every transaction that I do, I use your email address. Poof - your email is everywhere on the internet, and you'll get tons of email from people you don't know.
     
  18. kingcer0x

    kingcer0x Re-Member
    10+ Year Member

    Joined:
    Jun 10, 2003
    Messages:
    466
    Likes Received:
    7
    Status:
    Resident [Any Field]

    There are virsuses that forge headers so that emails look like they came from you. It could have been done manually by someone as well. Another FELONY, might i add. :D

    Our work server was hijacked by one of these things... it would forge the headers of emails and send messages to everyone in our contact database through an open port on the computer. Using a firewall to monitor and control port access usually takes care of the autosend feature, though.
     
  19. Xega

    Xega Senior Member
    7+ Year Member

    Joined:
    Oct 18, 2003
    Messages:
    239
    Likes Received:
    0
    Status:
    Resident [Any Field]
    Most keyloggers are not detected by antivirus programs.
     
  20. NDESTRUKT

    NDESTRUKT Fadeproof
    10+ Year Member

    Joined:
    Jul 7, 2003
    Messages:
    1,168
    Likes Received:
    6
    Status:
    Fellow [Any Field]
    use black ice defender
     
  21. Indebt4Life

    Indebt4Life Chilling like a Villain
    7+ Year Member

    Joined:
    Apr 8, 2004
    Messages:
    229
    Likes Received:
    0
    Hacking into an email account can be done by someone who is very familiar with computer programming and such. Also, obtaining a password is possible...not by guessing but by running hacker programs like key stroke recorders (spy gear) on your computer. I know that this can be done because my ex-boyfriend turned into my internet stalker!! I had to go to the police and everything...they have a division that is specially trained to deal with internet crimes. My ex could go back and retrieve emails that I had sent and deleted from my account several months ago, send fake emails under my addy, read every email I sent out....anyway, you get the point. It can be done and it can be a real pain in the a**. The biggest problems is that today's laws cannot keep up with technology so there isn't a lot you can do legally.
     

Share This Page