At 09:41 AM 12/06/2011 wrote:
>What most people don't understand is these folks didn't have
>their systems compromised, that's not how these hackers work.
>They are hacked through the email provider's systems at the
>company level.
It happens, but it is not common for the e-mail service
provider's computers to be compromised that way. There are
several common methods used by the people who do this kind of
thing. One is to infect computers with a keylogger that looks
for user-id and password combinations. Some key-loggers run in
the background without the computer showing any symptoms that
the average user would notice. One of the password stealing
key-loggers that I was seeing fairly often a few months ago also
diverted the user's browser to a site with ads one time
following each Google or Yahoo search. People noticed this when
it happened but didn't recognize it as a sign of infection,
thinking that they'd just clicked on a bad search result. A
second common method is to trick the user into giving the
user-id and password through what is called "phishing". That is,
the bad guy sends a message purporting to be from the service
provider saying the user has to fill out a form or log into a
website to prevent some dire thing from happening. The user, not
wanting that dire thing to happen, doesn't pay close attention
to where the information is going and does what is requested,
handing all sorts of personal information to the bad guy. Using
better passwords doesn't help with those types of attacks. Being
careful what you click on or who you give information to does
help as does making sure you have up-to-date security software
installed. The third common method of breaking into mail
accounts is what is called a "dictionary attack". The hacker
repeatedly tries to log in, using a list of possible words that
might be used as passwords. (Generally he uses a program to do
this which is much faster than doing it manually.) That's where
having a good secure password is most helpful. In all three
cases, once the bad guy has an e-mail address and password for a
user, he may try using that same password to gain access to
additional, and more profitable for him, sites. That's why it
isn't a good idea to use the same password too much.
I'm a computer consultant who works with individuals and small
businesses to fix their computer problems. I get calls from
people whose accounts have been hacked fairly often. Some of
them remember giving their passwords or other information out in
response to something suspicious. Most of the others turn out to
have an assortment of malicious software on their computer. Even
the best anti-virus program misses some things. Hundreds of
new or altered attacks are released every day and it takes some
amount of time for security software to be updated to know about
them. A lot of what is out there works by tricking the user into
telling the computer to do something. Protecting you from things
you choose to do is somewhat harder than protecting you from
things that attack from outside with no user involvement.
Security is a balancing act where the goal is to find a
reasonable point between restricting what can be done to the
point of making the computer difficult to use and allowing too
many openings for attacks.
It is also worth noting that not all messages really come from
the accounts they list in their from: header. If person A's
computer has both person B and mailing list C in its address
book then gets infected with something, it can end up sending
mail claiming to be from person B to mailing list C. This isn't
as common as it was a few years ago but it does still happen.
To add a little bit of on-topic content to this, I've spent the
past two weekends in Maryland. I can't say I saw any unusual
birds but I did see a gorgeous adult Red-shouldered Hawk land in
a tree along the side of the highway at one point.
--
Katrina Knight
Reading, PA, USA
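
The point above about From: headers can be checked by comparing the From: domain with the envelope sender and with the verdict the receiving mail server recorded. The following is an added example, not part of the original message; the sample messages, names and domains are constructed placeholders, and it assumes the receiving server adds Return-Path and Authentication-Results headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all names and domains are placeholders.
GENUINE = (
    "Return-Path: <personb@example.org>\n"
    "Authentication-Results: mx.list.example; spf=pass smtp.mailfrom=example.org\n"
    "From: Person B <personb@example.org>\n"
    "To: listc@list.example\n\nSaw a hawk today.\n"
)
# Sent by person A's infected computer through A's own provider.
SPOOFED_VIA_A = (
    "Return-Path: <persona@example.net>\n"
    "Authentication-Results: mx.list.example; spf=pass smtp.mailfrom=example.net\n"
    "From: Person B <personb@example.org>\n"
    "To: listc@list.example\n\nClick this link.\n"
)
# Envelope sender forged as well; the receiving server recorded an SPF failure.
SPOOFED_ENVELOPE = (
    "Return-Path: <personb@example.org>\n"
    "Authentication-Results: mx.list.example; spf=fail smtp.mailfrom=example.org\n"
    "From: Person B <personb@example.org>\n"
    "To: listc@list.example\n\nClick this link.\n"
)

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def from_header_warnings(raw_message):
    """List reasons to doubt that the From: header names the real sender."""
    msg = message_from_string(raw_message)
    warnings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # A mismatch is a signal, not proof: mailing lists and forwarders
    # legitimately rewrite the envelope sender.
    if env_dom and from_dom != env_dom:
        warnings.append(f"From domain {from_dom} != envelope domain {env_dom}")
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # first field is the checker's id
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause, re.I)
            if m and m.group(2).lower() not in ("pass", "none"):
                warnings.append(f"{m.group(1).lower()}={m.group(2).lower()}")
    return warnings

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED_VIA_A", "SPOOFED_ENVELOPE"):
        print(name, from_header_warnings(globals()[name]))
```

Only an Authentication-Results header added by your own receiving server should be trusted; a copy that arrived with the message can be forged like any other header.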