I am in Nigeria, please send me $3000
My friend had her Yahoo account taken over (her mistake) and now all her friends are getting the following email from her:
hello,
I hope this message meets you in best of health, Pardon my mistakes because I am in a hurry writing this, I had traveled to Nigeria for official purposes, Unfortunately for me all my money was stolen at the hotel where I lodged, I am so confused right now,I do not know what to do or where to go,I did not bring my phone here,I have access to only emails, please can you send me $3000
I find that really funny but on a serious note has anyone ever had their Yahoo email taken over and then had the password reset again by Yahoo?
25 Comments, add your own...
1. sinful eye's | September 29th, 2008 at 11:31 am
LOL , again with the african trickery
keep your password safe and give it to anyone ppl
2. M | September 29th, 2008 at 11:49 am
The only way this happens is usually when they respond to bogus emails requesting them to verify their name and password. Otherwise it’s pretty much impossible to hack into someone’s account
3. Frankie | September 29th, 2008 at 11:56 am
It’s not about giving your password to anyone. All you have to do is use your laptop in a public hotspot. A traffic sniffer will easily uncover ur password and any other data u send and receive (even with SSL encryption which Yahoo doesn’t use anyways). I can personally do this and I’m no super hacker. There are videos all over youtube that can show a monkey how to do it. Sadly you are not much safer at ur own wifi network at home. Even a protected home network running WEP, WPA, or WPA2 can be hacked into. Once again videos all over youtube that are completely moron friendly. If you guys really wanna get serious about security then you have to use a trusted VPN anytime you use a wifi hotspot, and to be more secure you should use TOR (The onion router).
4. Q8GEEK | September 29th, 2008 at 11:57 am
this might help:
http://help.yahoo.com/l/us/yahoo/security/general.html
5. joud | September 29th, 2008 at 12:11 pm
sneaky bastards !
6. sfsa78 | September 29th, 2008 at 12:50 pm
nigerian scam artists.. they are well known.. in fact the country makes a lot of money out of the funds that are transferred into nigeria. google it.
they always need money in order to release millions that are hidden somewhere.. its always the same bullcrap!!!.
7. Q8GEEK | September 29th, 2008 at 12:53 pm
Cain & Abel can mess around with VPN networks…
8. Amjad | September 29th, 2008 at 12:56 pm
How was her Yahoo! account taken over and how was it her fault?
I don’t know if the same thing happened to me, but I have noticed that there are a couple of subscriptions in different websites (such as DVD websites) that were registered with my Yahoo! account (that I NEVER use) and also my name.
I think I will go ahead and delete my Yahoo! account because I never use it anyways…
9. Frankie | September 29th, 2008 at 12:59 pm
Cain & Abel is soo 2007 :)
10. Q8GEEK | September 29th, 2008 at 1:07 pm
oldies goldies =P
11. 7ussien | September 29th, 2008 at 2:38 pm
a month ago my friend’s hotmail account got taken and the person who took it sent an email to all his contacts advertising a chinese company selling electronics called GVCCN. I checked their website and it’s pretty funny, they have the Sony Ericsson Xperia on sale which is not even out yet! :D At least if you want to scam people try to be smart about it! :D And everything on the website is listed for way less than its original price :D
12. Pure | September 29th, 2008 at 4:56 pm
@7ussien, i did get something like that from my friend as well but i don’t really remember if it is the same company .. !
13. TanGo | September 29th, 2008 at 6:38 pm
@ Frankie, I wish you were writing English..
14. RainQ8 | September 29th, 2008 at 8:01 pm
Its probably not been taken over, more like she opened an email with a script which went through her contacts list and emailed all her friends with the same script and CC’s the original sender, thus they know that all the emails have real people at the other end.
Then her friends open up the email sent from her (As its a trusted or marked safe email address) – then the script runs again, and the loop goes on. The original sender ends up harvesting a load of real email addresses – which can then be used/sold anywhere they like.
Clever these little cyber kiddies!
Frankie are you mad? Hacking WEP and wireless protected networks is time consuming, you have to gather 1GB worth of data before running the algorithm! SSL with Yahoo is a choice at sign in, if you do not choose to then it’s your problem not Yahoo’s!
Computers are not stupid, they do their master’s bidding, if the master is stupid then there isn’t much the computer can do about it!
15. Omar | September 29th, 2008 at 11:21 pm
RainQ8, Frankie is 100% correct. What are u talking about 1GB to hack WEP? Are you mad? WEP takes less than a min to crack nowadays with the correct tools. I have a script on my N80 that cracks WEP in about 7 mins (and that’s a tiny phone!) WPA and WPA2 (esp. Radius) can take longer, but again neither require 1GB of data.
Also the script you are describing is not what happened to Mark’s friend. He clearly states that the password of the account was changed (so that the Nigerians can have back and forth communication with anyone that actually believes the emails).
Guys it is soooo extremely easy for someone to totally see every bit of data going to and from ur pc when connected to a public hotspot. Next time u are there at Starbucks, look over and try to spot the hacker checking out everything you are doing =)
On YouTube check out Hak5Darren. It will show you how to do all I just mentioned. It will also show you the best ways to protect yourself. Stay safe people, and be very careful when using credit cards.
16. Sheep | September 29th, 2008 at 11:48 pm
I’ve gotten an email like that once. I knew it was a scam but I simply replied with “Dude, I’m sorry about whatever happened to you, but if I had $3,000 I’d be out shopping right now not reading this stupid email from you :)”
Why are they always Nigerian?
17. Just Jay | September 30th, 2008 at 12:30 am
People, listen. You are playing a cat and mouse game that has been going on for years. Simple countermeasures go a long way…like a password that has letters, numbers, and special symbols. Make it long too. Change it every now and then. Use software that protects you to a degree, and finally… Don’t FALL FOR IT!!! Would you open up mail sent to you, if you had NO IDEA who the sender was? Then again, don’t answer that…
18. RainQ8 | September 30th, 2008 at 12:42 am
Omar, yep you are right about WEP cracking but the nice data you want to look at is not easy to hack in minutes or low volume data capture, and if they are using wireless WPA then it is time consuming to even get connected.
Even if you sniff packets at starbucks, and the surfer is connected to a SSL site it would take you donkey years to brute force the encryption on the packets to get the credit card, you would have to sit and gather (Not that I do)!
But I never use the local wi-fi spots. Good to get the key to surf for free, but expose your computer to others?
It sounds like a script with simply the reply-to changed before/after harvesting (SMTP masking is easy). Mark pastes the Nigerian guy’s blurb and he didn’t actually confirm if she can’t get back into her account.
The reason I mention the script is one of my friends had the same thing happen, but it was not that her account got taken over (although she thought they had) it was just a script (Sent to her in another email, subject: RE: ) harvested her contacts address book.
She changed her password just in case and unless there’s a trojan key logger on her machine knocking out to some server in China it’s pretty much safe now. Although she is still looking for tools to protect herself from herself.
Not sure how you can have your email password reset by Yahoo unless you specified another email address when you signed up to have it sent to. How do they know it’s 100% you?
Omar is right with CC’s, my rule is no httpS then no card!
19. RainQ8 | September 30th, 2008 at 12:45 am
Sheep, it could have been a bot generating addresses by replying to the email you have just confirmed to it that you are a real live recipient that would like to receive even more junk email.
20. RainQ8 | September 30th, 2008 at 12:48 am
Just Jay, you are right with the simple stuff, but be warned about the wireless free spots and not using SSL sites as you will be easy targets for Frankie and Omar.
21. Omar | September 30th, 2008 at 1:16 am
@RainQ8. Hehe, I don’t target anyone. I learn all of this just for counter security. By the way, cracking SSL using brute force has gotten tremendously easier since the development of Rainbow Tables earlier in the year. Check it out: Rainbow Tables Brute Hash Cracking http://en.wikipedia.org/wiki/Rainbow_table
22. RainQ8 | September 30th, 2008 at 1:32 am
Omar you really are feeding the forum too much info which will result in me experimenting – I think that’s the same as counter security?
Rainbow is limited at the moment and all my passwords are longer than 8 characters, contain case change, numbers, and symbols.
If caught experimenting I will tell them some bloke called Omar set me up with all these ideas! :-P
23. Just Jay | September 30th, 2008 at 1:44 am
Rain, it’s cool. I work in IT, so I get a kick out of the cat/mouse game. I employ a few tricks to keep my side of the house clean. Trend Micro also has a program called R U Botted… it’s pretty good too.
http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
I encrypt, surf anonymously, use proxies (not free ones, either) and do what I need to do to keep my less honest friends at bay.
24. Fsa839 | October 20th, 2009 at 4:41 pm
This happened to my mom and we sent Yahoo! a million emails and they didn’t reply to any.
My mom uses her email a lot for business and such so a lot of people started calling her asking if she was ok haha.
25. Fsa839 | October 20th, 2009 at 4:42 pm
Wow oops this is a 2008 post :p