My e-mail was Hacked!

[Judas BentHer]

FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUCKKKKKKKKKKKKKKKKKKK!

Yes, it do suck.

[HeyItsZeus]

FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUCKKKKKKKKKKKKKKKKKKK!

Yes, it do suck.

I told my girlfriend and now shes worried... should she be?

[Autumnlicious]

Only if pictures of her appear online or someone stalks her.

Otherwise, no.

[HeyItsZeus]

Only if pictures of her appear online or someone stalks her.

Otherwise, no.

But I don't know what this guy is doing with them... Is there a way I can trace this guy so I can hire a guy to hack him and fuck him over!

[Tiberius]

If you have Firefox browser, one of the best and superior to IE, this may help with your Gmail.

Or instead of relying on third-party cryptography from an untrustworthy source (I'm certainly not going to go through lines and lines of code to make sure the developer implemented RSA correctly) you could use Gmail's built-in SSL features, which are free and verified as secure by numerous sources (HTTPS is a popular standard).

https://mail.google.com/support/bin/answ...swer=74765

Edit to add: If you want to drop Gmail because of it's obvious vulnerability, you could check out hushmail.com They have a free email option that is very secure. You can learn all the particulars at their site. All you have to do to keep the account is log in at least once every three weeks.

Excuse me, but what exactly is the "obvious" vulnerability? I doubt very much that Gmail itself was hacked, or we'd hear about it in the news; millions of people have their emails with that service. No, what happened here can ultimately happen with any online email account: THE PASSWORD WAS OBTAINED! Whether it was done by guessing it directly, or knowing enough information to trigger a reset, there was no actual part of the Gmail system that was compromised.

I found them a few weeks ago after conducting a Google for

Please tell me exactly how this service is more secure than Gmail, and why after only a few weeks you are endorsing them. Have you done full code reviews of their security? Do you even know the company who operate the mail servers? I have no reason to believe they are more secure than Gmail, and I have no reason to believe there is anything wrong with Gmail in the first place.

Google told me that it was an outside source located in the Netherlands but the IP is American... hmm...

Well, I cant speak to the true motive of Google in their telling you that. However, you may want to be aware that WiFi hacking in the Netherlands is legal! (Article)

So, perhaps because hacking crimes are a prevalent headline in papers around the world and thus it's virtually impossible to prosecute those responsible, Google could be passing the buck claiming the hacker is in the Netherlands so as to imply there's not a lot they can do about it. Also, you have to remember when you're dealing with anything Google.[/quote]
Oh come on, now you are just clearly being ridiculous. Do you even know what WiFi hacking is, or did you do a Google Search and think that makes you an authority on the subject? This breach of an account has nothing to do with WiFi hacking. NOTHING. NADA.

Not just because HeyItsZeus lives in New York, not the Netherlands (making a WiFi hack impossible due to the fucking distance...), but because 3 years ago, Gmail made sure that SSL was used by default for their service (http://gmailblog.blogspot.com/2010/01/de...gmail.html), so it is highly likely that HeyItsZeus has it turned on in the first place. This means that for this to be done via a WiFi hack, the hacker would have to:

1) Somehow gain access to the WiFi access point which HeyItsZeus uses (either physically or remotely).
2) Retrieve the WiFi password for it (assuming it has one). Note: for WEP this is easily done; for WPA and WPA2 it is very hard, bordering on the infeasible.
3) Setup an identical access point (Evil twin attack), which has the same name, security settings, etc.
4) Steal Gmail's private key used in the SSL operations (practically impossible to do unless they hacked into the Google servers themselves.)
5) Wait for HeyItsZeus to connect to their fake access point.
6) Perform a man-in-the-middle attack, with the stolen key used to spoof Gmail's servers.

Only then would they be able to extract the password, or the cookie needed to log on to the Gmail service. So yeah, I'm going to go with "the hacker just guessed the password", because nobody goes to that effort to break into one email account, and I doubt most of it is even possible.

Well, if your GF sent anything fappable over the net she's compromised herself without the help of any hacker.

Not necessarily; it all depends on where you send it. We all send our username and passwords over the internet, but that doesn't necessarily mean we are compromising ourselves...

Anyone can come by those pictures because she had to upload them first in order to include them in your email.

Go read about email attachments before you open your mouth as an authority again.

Create a password that includes capitals, lower case and numbers interchanged.

Contrary to popular belief, this doesn't necessarily make strong passwords. The password "A1bC2" complies with your requirements, and yet is a very easy password to brute force. If you really want a secure password, following the following tips:

1) Make it a minimum of 8 characters long. Generally speaking, the longer, the better. Brute forcing usually starts with smaller passwords, because most people use them, and when you add more characters, you increase the complexity of the guessing operation by a LOT. Most of my passwords are over 20 characters long.

2) Use capital letters, lowercase letters, numbers, symbols; etc. Basically, anything you can type with a standard keyboard is fair game. Spaces, brackets, exclamation marks, percentage symbols; the whole lot.

3) Try to create a different password for each site. This doesn't have to be an impossible memorization task. My method? Come up with some complex password that you can remember which follows the advice of (1) and (2) above. Then, either prepend, or append, or modify the password in some way which is unique to the site you are using it for.

For example, if I have the password stem "X2e7g!Y&" that I can remember, and I want to create a unique password for Google, I could go about it in a number of ways. I could think of a name that begins with "G" or "e" (first / last letters of Google) and add it to the end, creating "X2e7g!Y&Gerald", or prepend: "ErnieX2e7g!Y&", or modify: "GerX2e7aldg!Y&"

You don't have to use names of people; you could do it with street names, names of some species of animal, or anything you are interested in that have a lot of variations which aren't easily guessable. Then, all you need to do is remember the rule you have created for mapping the site name (i.e. Google) to the second part of the password (i.e. Gerald), which is significantly easier.

Anyone who intercepts the password will be confused as to the meaning of the name; they may even think it is irrelevant (perhaps it is the person's father or mother). They probably won't think "it must be some kind of rule that changes with each site", and even if they do, there are a multitude of different names out there; too many to try successfully.

[thebigfudge]

i dont think you should worry. most hacks are automated. They break into your account to spam and thats it, happened to me a few times.

[Napoléon]

But I don't know what this guy is doing with them... Is there a way I can trace this guy so I can hire a guy to hack him and fuck him over!

Don't be silly, you don't want to track him down just to hack him.

You want to assassinate the bastard with one of these:

[thesummerqueen]

Was it this?

http://www.youtube.com/watch?v=a6iW-8xPw3k

[thebigfudge]

Very informative post Tiberius. Thanks for the info

[HeyItsZeus]

Thank you Adrian for your input and not making this out to be a joke...