Is it possible to hack into another person's email account (like a hotmail/yahoo account) and read their messages?? How would one know for sure if this were happening to them? 
hacking into anothers email ?!?!
- Thread starter nope80
- Start date
- Joined
- Oct 19, 2003
- Messages
- 551
- Reaction score
- 1
Of course it's possible, all one would need is your email address and password. Try sending yourself emails from friends' accounts that sound important or whatever and see if they disappear. You should probably change your password as a first step, though.
Oh yeah..well i know if they had my password it would be possible to login but i'm almost 300% sure that it would be IMPOSSIBLE to figure my password out. There isn't anyway through some crazy special code that they could have FOUND my password-or were given it through some special program?
Thanks.
Thanks.
- Joined
- Dec 31, 2002
- Messages
- 692
- Reaction score
- 0
People can use your clue questions to change your password on yahoo... so don't make the answer to that question obvious (ie, don't do something like mother's maiden name, unless you intentionally put the wrong one).
But for major mail services (yahoo, hotmail), they will never send your actual password; they'll just give you the option to change it; so the obvious way to tell if someone has "hacked" it is if your password doesn't work all of a sudden.
But for major mail services (yahoo, hotmail), they will never send your actual password; they'll just give you the option to change it; so the obvious way to tell if someone has "hacked" it is if your password doesn't work all of a sudden.
- Joined
- Sep 23, 2003
- Messages
- 253
- Reaction score
- 0
are you finding messages that you haven't read marked as read? or do you have reason to suspect that there's someone trying to get into your mail for some reason?
i basically assume that anything is potentially public knowledge, or that someone can crack it. changing passwords frequently and not using the same one is a good deterrent though....
i basically assume that anything is potentially public knowledge, or that someone can crack it. changing passwords frequently and not using the same one is a good deterrent though....
- Joined
- Nov 23, 2003
- Messages
- 394
- Reaction score
- 2
The only thing you have to worry about (realistically) is remembering to close your browser if you use Yahoo/Hotmail. If you leave your browser open, someone could just go back through the page history and access your account.nope80 said:
Is there any non-realistic way someone could have access to your account? Sure. It's possible to use spyware to install a keylogger on your machine, recording your keystrokes and hence finding out your passwords. But this is highly unlikely.
E
Eraserhead
BklynWill said:
Grrrr. Can you clarify this? Now I'm all paranoid. I have passwords for about 10 things and they are all the same but without these special characters. Should I go change them all?
- Joined
- Dec 11, 2001
- Messages
- 671
- Reaction score
- 2
Always, Always, ALWAYS click on the "logout" button in webmail, especially if you are on a public computer.
Our mail interface at our school is susceptible to the "referer bug" which basically means that if one is using webmail and clicks on an embedded url in an email, the server that is hosting that site can read the HTTP_REFERER variable and have access to your inbox. To check if you are vulnerable to this bug, copy the URL the next time you are using webmail, and email it to someone. Ask them to click on it within the next 5 minutes and see if they can access your inbox.
Basically, the way it works is this:
1. When you use webmail, if you notice, the URL contains the session id (sid) that is all you need to access your inbox. For example, mine is something like:
http://webmail.drexel.edu/en/mail.html?sid=gsgeny3gNgk&lang=en&cert=false
With this information, anyone can access your inbox until your session expires (60 minutes later) or you click logout.
2. When you click on an embedded link (one that is in your email), the server gets a variable called HTTP_REFERER that tells who is accessing their website. All they have to do is copy that URL into their browser, and they will be able to access your account.
Moral of the story: Never click on an embedded link in webmail. Always copy and paste it into the browser URL box.
If you are using a shared computer, don't forget to click "logout". Otherwise the next person that uses the internet browser can just access the last sites that someone visited and scroll down to any of the unexpired webmail sessions, and get into anyone's mailbox.
Here's a more technical explanation:
http://www.cotse.com/mailing-lists/bugtraq/2000/Jan/0132.html
Our mail interface at our school is susceptible to the "referer bug" which basically means that if one is using webmail and clicks on an embedded url in an email, the server that is hosting that site can read the HTTP_REFERER variable and have access to your inbox. To check if you are vulnerable to this bug, copy the URL the next time you are using webmail, and email it to someone. Ask them to click on it within the next 5 minutes and see if they can access your inbox.
Basically, the way it works is this:
1. When you use webmail, if you notice, the URL contains the session id (sid) that is all you need to access your inbox. For example, mine is something like:
http://webmail.drexel.edu/en/mail.html?sid=gsgeny3gNgk&lang=en&cert=false
With this information, anyone can access your inbox until your session expires (60 minutes later) or you click logout.
2. When you click on an embedded link (one that is in your email), the server gets a variable called HTTP_REFERER that tells who is accessing their website. All they have to do is copy that URL into their browser, and they will be able to access your account.
Moral of the story: Never click on an embedded link in webmail. Always copy and paste it into the browser URL box.
If you are using a shared computer, don't forget to click "logout". Otherwise the next person that uses the internet browser can just access the last sites that someone visited and scroll down to any of the unexpired webmail sessions, and get into anyone's mailbox.
Here's a more technical explanation:
http://www.cotse.com/mailing-lists/bugtraq/2000/Jan/0132.html
- Joined
- Jan 12, 2004
- Messages
- 776
- Reaction score
- 2
Eraserhead said:
It is highly unlikely your password will be guessed especially if it's not anything related to your personally (date of birth, name, etc...). If it's a series of random or semi-random charracters and it is of a reasonable length (6 characters or more), then a brute force hack of the password would take years on an a very fast computer. Highly unlikely.
Just make sure your password is semi-long (6 characters is good), not personal, and hopefully a mix of random letters/numbers that are not on a word list (that's the other way passwords can be guessed--dictionary attacks). Still, after all this, it's pretty hard for your password to be guessed.
- Joined
- Feb 23, 2003
- Messages
- 790
- Reaction score
- 0
If you have a trojan program with a keylogger you can get anyones password within a couple minutes, assuming that they type their password in everytime they log on. As long as you have an up to date Anti-Virus program you should be able to detect trojans on your computer.
- Joined
- Jun 10, 2003
- Messages
- 466
- Reaction score
- 7
just assume the worst: anyone can read your email, listen to your phone conversations, or use video cameras to spy on you at any time. Just don't write/say/do anything using electronic communication that you dont want anyone to hear. (edit: or see, or post, or sell)
Note: if people do read your email / tap your phone / video tape you without your consent, in most cases it is a FELONY. I think there is a case of someone breaking into an ex-lover's email recently... that person was charged with a FELONY. Do not pass go, do not collect 200 dollars, do not every go anywhere in life with your FELONY conviction... lol. i like saying felony... FELONY!
However, the police and government can do this with a court order or if they think you are planning crimes against the country... especially with email. EMail is fair game. So are seemingly harmless internet message boards...
Note: if people do read your email / tap your phone / video tape you without your consent, in most cases it is a FELONY. I think there is a case of someone breaking into an ex-lover's email recently... that person was charged with a FELONY. Do not pass go, do not collect 200 dollars, do not every go anywhere in life with your FELONY conviction... lol. i like saying felony... FELONY!
However, the police and government can do this with a court order or if they think you are planning crimes against the country... especially with email. EMail is fair game. So are seemingly harmless internet message boards...
A few months ago I started receiving emails from people I have never heard of asking me to remove them from my mailing list..... This was the clue that someone had hacked into my account!!! I had to wipe my whole computer because they also infected my computer with a virus and I had to have my cable modem reset because due to security measures my computer was locked. So I am much more careful with my accounts now!!!!!
- Joined
- Nov 23, 2003
- Messages
- 394
- Reaction score
- 2
Baditude said:
This probably means your email was "spoofed," or used as the sender without your permission, and not that you got a virus.
Ex: I go online and for every transaction that I do, I use your email address. Poof - your email is everywhere on the internet, and you'll get tons of email from people you don't know.
- Joined
- Jun 10, 2003
- Messages
- 466
- Reaction score
- 7
BubbleBobble said:
There are virsuses that forge headers so that emails look like they came from you. It could have been done manually by someone as well. Another FELONY, might i add.
Our work server was hijacked by one of these things... it would forge the headers of emails and send messages to everyone in our contact database through an open port on the computer. Using a firewall to monitor and control port access usually takes care of the autosend feature, though.
- Joined
- Apr 8, 2004
- Messages
- 281
- Reaction score
- 133
Hacking into an email account can be done by someone who is very familiar with computer programming and such. Also, obtaining a password is possible...not by guessing but by running hacker programs like key stroke recorders (spy gear) on your computer. I know that this can be done because my ex-boyfriend turned into my internet stalker!! I had to go to the police and everything...they have a division that is specially trained to deal with internet crimes. My ex could go back and retrieve emails that I had sent and deleted from my account several months ago, send fake emails under my addy, read every email I sent out....anyway, you get the point. It can be done and it can be a real pain in the a**. The biggest problems is that today's laws cannot keep up with technology so there isn't a lot you can do legally.
