Discussion in 'Ask DACS' started by jimkd1yv, Jul 25, 2012.

    I have noticed in the last couple of weeks, more than usual, people's email address books seem to be getting cracked. Of the cases I have seen, they have all been on Yahoo Mail (yes, I know about the 400k Yahoo password compromise).

    Are there any other wide-scale attacks that are more prevalent within the last couple of weeks? Or is it just that the script kiddies are all home from school?

    I am recommending that they change their Yahoo passwords, and also download and boot from the F-Secure Rescue CD. Are there any other measures that I should recommend?

    Does Yahoo offer a second step authentication option?

    I have 2-step authentication with my cell phone so when trying to log in (good for 30 days) I not only have to use my password, but they send a verification code to my phone that is good for something like 1 minute before it expires.

    So if somebody wants to get in my account, they have to have the password AND my cell phone to log in. I know passwords can be cracked and cell phones can be spoofed but it does raise the bar to the more determined people out there.

    Oh, and if I want to use an application, like Thunderbird, or Picasa, or some IM or any other app to access my Google applications/account then I, after logging in with 2-step, create an "application code" which is a randomly generated code that only works with applications. This means with this code one cannot get into my full account and change things like my password, backup accounts, where my 2nd step authentication goes, etc.

    Plus it is easy to delete an application code if I find it is compromised or just as good practice.

    I know once I did this I have had no further problems.

    Script kiddies are no longer a concern. The people running these attacks are real criminals. I believe these "email hacks" are the result of opening phishing emails that target web-based email and use vulnerabilities in IE to get the password. I have no evidence of this beyond things I've read. Since the contact list is stored on Yahoo, the password is all that's needed to log on to the account. Of course they can scan all the emails in the account looking for other account names and try the same password. Who knows, they might be lucky and get control of a bank account.



