hacking into anothers email ?!?!

BU Medical Sciences
This forum made possible through the generous support of SDN members, donors, and sponsors. Thank you.
N

nope80

Resident
15+ Year Member
Joined
Apr 10, 2004
Messages
1,094
Reaction score
6
Points
4,586
Advertisement - Members don't see this ad
Is it possible to hack into another person's email account (like a hotmail/yahoo account) and read their messages?? How would one know for sure if this were happening to them? 😱
 
Of course it's possible, all one would need is your email address and password. Try sending yourself emails from friends' accounts that sound important or whatever and see if they disappear. You should probably change your password as a first step, though.
 
If you change your password, be sure to include special characters, such as: %,$,&, etc... With new technology, simple word or phrase passwords can be figured out in less than a minute.
 
Oh yeah..well i know if they had my password it would be possible to login but i'm almost 300% sure that it would be IMPOSSIBLE to figure my password out. There isn't anyway through some crazy special code that they could have FOUND my password-or were given it through some special program?

Thanks.
 
People can use your clue questions to change your password on yahoo... so don't make the answer to that question obvious (ie, don't do something like mother's maiden name, unless you intentionally put the wrong one).

But for major mail services (yahoo, hotmail), they will never send your actual password; they'll just give you the option to change it; so the obvious way to tell if someone has "hacked" it is if your password doesn't work all of a sudden.
 
are you finding messages that you haven't read marked as read? or do you have reason to suspect that there's someone trying to get into your mail for some reason?

i basically assume that anything is potentially public knowledge, or that someone can crack it. changing passwords frequently and not using the same one is a good deterrent though....
 
you can have ur actions on the computer monitered if someone has spyware on your computer. run a virus check, then run a spyware check.
 
nope80 said:
Oh yeah..well i know if they had my password it would be possible to login but i'm almost 300% sure that it would be IMPOSSIBLE to figure my password out. There isn't anyway through some crazy special code that they could have FOUND my password-or were given it through some special program?

Thanks.
Click to expand...
The only thing you have to worry about (realistically) is remembering to close your browser if you use Yahoo/Hotmail. If you leave your browser open, someone could just go back through the page history and access your account.

Is there any non-realistic way someone could have access to your account? Sure. It's possible to use spyware to install a keylogger on your machine, recording your keystrokes and hence finding out your passwords. But this is highly unlikely.
 
BklynWill said:
If you change your password, be sure to include special characters, such as: %,$,&, etc... With new technology, simple word or phrase passwords can be figured out in less than a minute.
Click to expand...

Grrrr. Can you clarify this? Now I'm all paranoid. I have passwords for about 10 things and they are all the same but without these special characters. Should I go change them all?
 
Always, Always, ALWAYS click on the "logout" button in webmail, especially if you are on a public computer.

Our mail interface at our school is susceptible to the "referer bug" which basically means that if one is using webmail and clicks on an embedded url in an email, the server that is hosting that site can read the HTTP_REFERER variable and have access to your inbox. To check if you are vulnerable to this bug, copy the URL the next time you are using webmail, and email it to someone. Ask them to click on it within the next 5 minutes and see if they can access your inbox.

Basically, the way it works is this:

1. When you use webmail, if you notice, the URL contains the session id (sid) that is all you need to access your inbox. For example, mine is something like:

http://webmail.drexel.edu/en/mail.html?sid=gsgeny3gNgk&lang=en&cert=false

With this information, anyone can access your inbox until your session expires (60 minutes later) or you click logout.

2. When you click on an embedded link (one that is in your email), the server gets a variable called HTTP_REFERER that tells who is accessing their website. All they have to do is copy that URL into their browser, and they will be able to access your account.

Moral of the story: Never click on an embedded link in webmail. Always copy and paste it into the browser URL box.

If you are using a shared computer, don't forget to click "logout". Otherwise the next person that uses the internet browser can just access the last sites that someone visited and scroll down to any of the unexpired webmail sessions, and get into anyone's mailbox.

Here's a more technical explanation:

http://www.cotse.com/mailing-lists/bugtraq/2000/Jan/0132.html
 
p.s. I randomly scrambled the session id variable in my previous post, so don't even BOTHER trying to get into my mailbox with that 😉
 
Eraserhead said:
Grrrr. Can you clarify this? Now I'm all paranoid. I have passwords for about 10 things and they are all the same but without these special characters. Should I go change them all?
Click to expand...

It is highly unlikely your password will be guessed especially if it's not anything related to your personally (date of birth, name, etc...). If it's a series of random or semi-random charracters and it is of a reasonable length (6 characters or more), then a brute force hack of the password would take years on an a very fast computer. Highly unlikely.

Just make sure your password is semi-long (6 characters is good), not personal, and hopefully a mix of random letters/numbers that are not on a word list (that's the other way passwords can be guessed--dictionary attacks). Still, after all this, it's pretty hard for your password to be guessed.
 
If you have a trojan program with a keylogger you can get anyones password within a couple minutes, assuming that they type their password in everytime they log on. As long as you have an up to date Anti-Virus program you should be able to detect trojans on your computer.
 
just assume the worst: anyone can read your email, listen to your phone conversations, or use video cameras to spy on you at any time. Just don't write/say/do anything using electronic communication that you dont want anyone to hear. (edit: or see, or post, or sell)

Note: if people do read your email / tap your phone / video tape you without your consent, in most cases it is a FELONY. I think there is a case of someone breaking into an ex-lover's email recently... that person was charged with a FELONY. Do not pass go, do not collect 200 dollars, do not every go anywhere in life with your FELONY conviction... lol. i like saying felony... FELONY!

However, the police and government can do this with a court order or if they think you are planning crimes against the country... especially with email. EMail is fair game. So are seemingly harmless internet message boards... :meanie:
 
A few months ago I started receiving emails from people I have never heard of asking me to remove them from my mailing list..... This was the clue that someone had hacked into my account!!! I had to wipe my whole computer because they also infected my computer with a virus and I had to have my cable modem reset because due to security measures my computer was locked. So I am much more careful with my accounts now!!!!!
 
Baditude said:
A few months ago I started receiving emails from people I have never heard of asking me to remove them from my mailing list..... This was the clue that someone had hacked into my account!!! I had to wipe my whole computer because they also infected my computer with a virus and I had to have my cable modem reset because due to security measures my computer was locked. So I am much more careful with my accounts now!!!!!
Click to expand...

This probably means your email was "spoofed," or used as the sender without your permission, and not that you got a virus.

Ex: I go online and for every transaction that I do, I use your email address. Poof - your email is everywhere on the internet, and you'll get tons of email from people you don't know.
 
BubbleBobble said:
This probably means your email was "spoofed," or used as the sender without your permission, and not that you got a virus.

Ex: I go online and for every transaction that I do, I use your email address. Poof - your email is everywhere on the internet, and you'll get tons of email from people you don't know.
Click to expand...


There are virsuses that forge headers so that emails look like they came from you. It could have been done manually by someone as well. Another FELONY, might i add. 😀

Our work server was hijacked by one of these things... it would forge the headers of emails and send messages to everyone in our contact database through an open port on the computer. Using a firewall to monitor and control port access usually takes care of the autosend feature, though.
 
fullefect1 said:
If you have a trojan program with a keylogger you can get anyones password within a couple minutes, assuming that they type their password in everytime they log on. As long as you have an up to date Anti-Virus program you should be able to detect trojans on your computer.
Click to expand...
Most keyloggers are not detected by antivirus programs.
 
Hacking into an email account can be done by someone who is very familiar with computer programming and such. Also, obtaining a password is possible...not by guessing but by running hacker programs like key stroke recorders (spy gear) on your computer. I know that this can be done because my ex-boyfriend turned into my internet stalker!! I had to go to the police and everything...they have a division that is specially trained to deal with internet crimes. My ex could go back and retrieve emails that I had sent and deleted from my account several months ago, send fake emails under my addy, read every email I sent out....anyway, you get the point. It can be done and it can be a real pain in the a**. The biggest problems is that today's laws cannot keep up with technology so there isn't a lot you can do legally.
 
You must log in or register to reply here.

Similar threads

A
  • Question Question
sending update letter/email
Replies
6
Views
1K
mmmedical
M
N
Is email inappropriate?
Replies
8
Views
1K
Goro
Goro
kingkong6712
Is demonstrated interest factored into admission decision?
Replies
7
Views
1K
AsclepiusAdvisingLLC
AsclepiusAdvisingLLC
kingkong6712
How are parental asset incorporated into expected family contribution?
Replies
1
Views
511
Mr.Smile12
Mr.Smile12
kingcobra203
Certiphi screening email not received yet
Replies
4
Views
1K
FrederickMarx
F
Top Bottom