Rainbow is limited at the moment and all my passwords are longer than 8 characters, contain case change, numbers, and symbols.

If caught experimenting I will tell them some bloke called Omar set me up with all these ideas! :-P

Even if you sniff packets at starbucks, and the surfer is connected to a SSL site it would take you donkey years to brute force the encryption on the packets to get the credit card, you would have to sit and gather (Not that I do)!

But I never use the local wi-fi spots. Good to get the key to surf for free, but expose your computer to others?

It sounds like a script with simply the reply-to changed before/after harvesting (SMTP masking is easy). Mark pastes the Nigerian guys blurb and he didn’t actually confirm if she can’t get back into her account.

The reason I mention the script is one of my friends had the same thing happen, but it was not that her account got taken over (although she thought they had) it was just a script (Sent to her in another email, subject: RE: ) harvested her contacts address book.

She changed her password just in case and unless there’s a trojan key logger on her machine knocking out to some server in China its pretty much safe now. Although she is still looking for tools to protect herself from herself.

Not sure how you can have your email password reset by Yahoo unless you specified another email address when you signed up to have it sent to. How do they know its 100% you?

Omar is right with CC’s, my rule is no httpS then no card!

Why are they always Nigerian?

Also the script you are describing is not what happened to Mark’s friend. He clearly states that the password of the account was changed (so that the Nigerians can have back and forth communication with anyone that actually believes the emails,

Guys it is soooo extreemly easy for someone to totally see every bit of data going to and from ur pc when connected to a public hotspot. Next time u are there at Starbucks, look over and try to spot the hacker checking out everything you are doing =)

On YouTube check out Hak5Darren. It will show you how to do all I just mentioned. It will also show you the best ways to protect yourself. Stay safe people, and be very careful when using credit cards.

Then her friends open up the email sent from her (As its a trusted or marked safe email address) - then the script runs again, and the loop goes on. The original sender ends up harvesting a load of real email addresses - which can then be used/sold anywhere they like.

Clever these little cyber kiddies!

Frankie are you mad? Hacking WEP and wireless protected networks are time consuming, you have to gather 1GB worth of data before running the algorithm! SSL with Yahoo is a choice at sign in, if you do not choose to then its your problem not Yahoo’s!

Computers are not stupid, they do their masters bidding, if the master is stupid then there isn’t much the computer can do about it!