Malware - Apologies to ljcox

Hi All,

I am really angry - somehow my hotmail account was hacked into and a number of emails were sent to my contacts trying to direct them to some technology site.

I only got wind of it when Len replied to the message and told me to go away (it was a little stronger than that, but I completely understand).

Working in IT I used to consider my self pretty savvy about accessing dodgy sites or opening suspect emails as I know this could lead to malware infections. I think I may have to rethink that.

Novice IT users don't stand a chance!!!

Mark

Working in IT I used to consider my self pretty savvy about accessing dodgy sites or opening suspect emails as I know this could lead to malware infections. I think I may have to rethink that.

Click to expand...

I'll take note. Let's be careful.

UTMonkey, you may need to rethink your password security as well.
Mine is a combination of both letters and numbers, the caps isn't always the same on the letters and no two passwords I use on any site are the same, it's a very simple system I worked out long ago which is impossible for me to forget.

If you've had one account compromised you should immediately change every password on every site you access. If you value your security you should change your passwords every few months anyways. Also you should immediately check your machine for keyloggers, they're small unobtrusive and don't effect the system in such a way as you know they're there.

I used to play World of Warcraft quiet a bit and there were constantly phising schemes going around to try to sucker some poor user into logging into a fake website that would require them to log in with the username and pass looking like faked Blizzard site or would sucker you into clicking a link that would install a keylogger so they could get it when you logged in next. I had many friends which I would otherwise consider intelligent and tech savy that ended up with keyloggers.

no two passwords I use on any site are the same

Click to expand...

I use a specific one for my emails, and one pass for most of the other sites.. Can't remember all the passwords.

You could use a password manager like RoboForm, etc.

Vizier that's why you use a system, like a static base password that is modified by a particular and easy to remember system. Such as the last three letters of the site the 2nd letter being uppercase as the middle portion of the alphabetic and numeric portion that is the same to all sites. Obviously don't use that system =) But you should see how easy it can be to remember complex password that are different for every individual location.

Password managers are like handing hackers you entire system on a silver platter, it has to be kept in your head. If you can't do this then the primary security vulnerability is yourself.

Sceadwian said:

Password managers are like handing hackers you entire system on a silver platter, it has to be kept in your head. If you can't do this then the primary security vulnerability is yourself.

Click to expand...

Considering that a "memorized" password can be read by a keylogger, I would disagree. RoboForm stores your password files in an encrypted format and requires you to log on with a master password. The master password times out after 2hrs. If a hacker has enough access to your system to pull the AES encrypted master password files off your machine then you are done anyway. Far better than using easy to remember/common passwords on the web IMHO.
As a side note, I would NOT use a password manager for banking logons. Definitely keep those in your head, keep them unique, and don't use a word from the dictionary.

Oh you mean one of those rotating key ones that you have to have a pendant for? Those might be okay. There are a lot of really stupid password managers out there that don't have nearly as good protection. Problem is if something happens to your pendant with the rotating code on it YOU are completely locked out of the system as well =)

Sceadwian said:

Vizier that's why you use a system, like a static base password that is modified by a particular and easy to remember system. Such as the last three letters of the site the 2nd letter being uppercase as the middle portion of the alphabetic and numeric portion that is the same to all sites. Obviously don't use that system =) But you should see how easy it can be to remember complex password that are different for every individual location.

Password managers are like handing hackers you entire system on a silver platter, it has to be kept in your head. If you can't do this then the primary security vulnerability is yourself.

Click to expand...

Good advice there Scead, thanks.

I do like those rotating code password managers, but like I said, if you lose the pendant you're completely cut off.

kchriste said:

I would NOT use a password manager for banking logons. Definitely keep those in your head, keep them unique, and don't use a word from the dictionary.

Click to expand...

I phoned home to ET and he suggested I use something like {‘²ˆ®¯°±²³´¶·¸¹º»¼½¾￾‘’“”•@#
which apparently translates in English to: FlibbyFlabbyFlubberFlufferNutter

HiTech said:

FlibbyFlabbyFlubberFlufferNutter

Click to expand...

How did you crack my password?

You could just do what I do and have nothing of value for them to find.
I equate it to being like trying to rob a person who is poorer than you.
I guarantee what you will get is not worth the efforts you put into trying to get it!

You cant steal a whole lot of nothin from a nobody!

kchriste said:

How did you crack my password?

Click to expand...

uh oh. I better change mine?