Rob Withey
Member
Registered: 21st Sep 03
User status: Offline
|
Some guy hijacked my ebay account last week, but fortunately didn't get my paypal or email. Seems to be a spate of this recently.
I know the guy's name and the city he lives, his ISP, his email address and most of his phone number. That's the problem with hijacking an account and not being good enough at it - you leave your identity all over it. 
[Edited on 23-02-2009 by Rob Withey]
|
Terry12
Member
Registered: 24th Sep 07
Location: Manchester
User status: Offline
|
quote:
Originally posted by Rob Withey
Some guy hijacked my ebay account last week, but fortunately didn't get my paypal or email. Seems to be a spate of this recently.
I know the guy's name and the city he lives, his ISP, his email address and most of his phone number. That's the problem with hijacking an account and not being good enough at it - you leave your identity all over it.
[Edited on 23-02-2009 by Rob Withey]
Is he not close enough to pay a visit?
|
Gareth F
Member
Registered: 16th Jan 08
Location: Location Location
User status: Offline
|
They never are, if only eh.
|
Terry12
Member
Registered: 24th Sep 07
Location: Manchester
User status: Offline
|
Think i'd put the miles in tbh especially if I'd lost money.
|
Rob Withey
Member
Registered: 21st Sep 03
User status: Offline
|
quote:
Originally posted by Terry12
quote:
Originally posted by Rob Withey
Some guy hijacked my ebay account last week, but fortunately didn't get my paypal or email. Seems to be a spate of this recently.
I know the guy's name and the city he lives, his ISP, his email address and most of his phone number. That's the problem with hijacking an account and not being good enough at it - you leave your identity all over it.
[Edited on 23-02-2009 by Rob Withey]
Is he not close enough to pay a visit?
Not really. But he's close enough to sign up for a bucket load of gay porn and spam.
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
That assumes those details are correct.
|
Rob Withey
Member
Registered: 21st Sep 03
User status: Offline
|
quote:
Originally posted by Ian
That assumes those details are correct.
It does, and it's probably a bad assumption. The email address is probably just some other poor unsuspecting victim.
I've got the account back, changed all my passwords to something infeasibly secure and no damage done.
Ironically the bank won't accept punctuation in their password, and when pressed on the matter didn't seem to care about their security so much.
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
User status: Offline
|
eh?
Why would you want punctuation in the password?
the main reason I could see for not using it, is that you want to validate the input isn't someone hacking into the database.
Punctuation such as -- ' and ; could cause a catastrophic problem, if the user was allowed to use them.
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
I would be worried if the quotes caused problems as that would mean that the passwords were stored in cleartext.
It makes a hash attack significantly less likely, which is what you need.
|
Rob Withey
Member
Registered: 21st Sep 03
User status: Offline
|
quote:
Originally posted by Paul_J
Why would you want punctuation in the password?
Punctuation in passwords is a very good thing. The more random and unpredictable the password the less likely to be compromised by a dictionary attack or other brute force attack.
http://www.microsoft.com/protect/yourself/password/create.mspx
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
User status: Offline
|
quote:
Originally posted by Ian
I would be worried if the quotes caused problems as that would mean that the passwords were stored in cleartext.
It makes a hash attack significantly less likely, which is what you need.
Yes, that's true you'd hash the password before even passing it into the Select statement. Wasn't thinking about it being a password box and just thinking it was any input box.
Ian, do you mind if I ask you a couple of questions on this sort of theming... I was going to send you a message the other day about it.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
quote:
Originally posted by Rob Withey
quote:
Originally posted by Paul_J
Why would you want punctuation in the password?
Punctuation in passwords is a very good thing. The more random and unpredictable the password the less likely to be compromised by a dictionary attack or other brute force attack.
http://www.microsoft.com/protect/yourself/password/create.mspx
That's special characters, not punctuation, I don't think many, if any, systems let you use punctuation characters.
|
C2RL R
Member
Registered: 28th Mar 02
Location: Redcliffe, QLD
User status: Offline
|
anybody know how i can get access to my hotmail account? i'm guessing whoever hacked my paypal has done my hotmail too so i just can't get on it anymore. i'm stuck.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
Have they changed the secret question/answer?
If not use that.
|
Rob Withey
Member
Registered: 21st Sep 03
User status: Offline
|
http://en.wikipedia.org/wiki/Punctuation
Quite a few to choose from there. My passwords have some of those in, so I guess they are using unusual systems.
[Edited on 23-02-2009 by Rob Withey]
|
C2RL R
Member
Registered: 28th Mar 02
Location: Redcliffe, QLD
User status: Offline
|
quote:
Originally posted by John
Have they changed the secret question/answer?
If not use that.
must have john. if i go to "forgot my Password" it doesn't give me the option the sign in using location and secret question.
|
*JonnyG*
Member
Registered: 2nd Jun 08
Location: Lincolnshire
User status: Offline
|
I think thats if you either send it to a other address?
|
C2RL R
Member
Registered: 28th Mar 02
Location: Redcliffe, QLD
User status: Offline
|
i don't have another address. or at least i din't when i created that hotmail one.
|
*JonnyG*
Member
Registered: 2nd Jun 08
Location: Lincolnshire
User status: Offline
|
Its a extra you can put in, its normally if you loose your password, you can send a link to your spare email address to get your old account back. But seeing as you don't, i would say your pretty much fucked.
|
C2RL R
Member
Registered: 28th Mar 02
Location: Redcliffe, QLD
User status: Offline
|
i can't even see a way to contact them to get them to investigate. or even to close that account.
|
*JonnyG*
Member
Registered: 2nd Jun 08
Location: Lincolnshire
User status: Offline
|
When marc, was hacked.. i added his msn when he posted about it, and who ever it was accepted me, but no luck with speaking to them.
|
_Allan_
Member
Registered: 24th Mar 04
User status: Offline
|
quote:
Originally posted by Rob Withey
http://en.wikipedia.org/wiki/Punctuation
Quite a few to choose from there. My passwords have some of those in, so I guess they are using unusual systems.
Our MS Exchange server in work allows or even prompts for one punctuation character to be used.
I have a ! in mine so if anyone wishes to hack my works account and sort all my emails for tomorrow it would be appreciated. 
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
Special character, of which some are punctuation, it's part of the Active Directory strong passwords setting.
|
evans_corsab
Member
Registered: 23rd Sep 08
Location: Cheshire.
User status: Offline
|
help  my computers like lost norton security ! will paypal and that be ok ?
|
Mike GSi
Member
Registered: 3rd Jan 07
Location: Ipswich, Suffolk Drives:Astra VXR
User status: Offline
|
Did you sign up to paypal using you hotmail account?
|
