Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Help......question about password stealing..

by Paige1 Nov 23, 2003 9:53PM PST

Boy, I sure do hope someone has the answer. I get spam e-mail all the time saying that I can have the ability to steal anyones passwords and read their e-mail. I was just wondering how that works because I am just afraid of someone being able to do that to me without my knowledge. Is this software that must be loaded to my computer and if so can that be detected? Is this something that can be done remotely? Anyone with info on this would greatly be appreciated..*S*. Joyce.

Discussion is locked

6 Posts
- Collapse + Expand Details
- Collapse -
Re:Help......question about password stealing..
by r. proffitt Forum moderator Nov 23, 2003 10:05PM PST

First off, I'm going to flatly state that EMAIL for the most part is passed about in PLAIN TEXT over the internet and if you tap into the right places, you can in fact read other people's email.

Worse, SMTP and POP3 in most implementations use a non-secure method to supply the name and password of the user's account. If you want to have secure communications, you have to encrypt some attachment. Got it?

"Is this software that must be loaded to my computer and if so can that be detected? Is this something that can be done remotely? Anyone with info on this would greatly be appreciated."

How deep down this rabbit hole do we want to go? At the office, I demonstrated this issue with the use of a nice software suite called NeoBoy (a collection of tcp/ip packet sniffers.) "IT Boss" Willy Sherman was shocked at what one could see on the network. We could watch what web sites were being browsed from what workstation, capture an email transmission and more.

A fine equivilent is noted on most cable modem "neighborhoods."

In closing, most internet applications do not use a secure transmission method. For some, this is a rude shock.

Bob

- Collapse -
Here's the tool. Source is available.
by r. proffitt Forum moderator Nov 23, 2003 10:11PM PST
- Collapse -
Stealing -- most will even do it voluntarily.
by Cursorcowboy Nov 23, 2003 11:00PM PST

One means of obtaining information is that you receive an e-mail that "in all aspects seems perfectly legit" -- your ISP, e-Bay, or somewhere else that you're well aware of membership, and ask that you verify something to ..... You even check out all the links reflected on the Web site page and every aspect seems perfectly clear. However, when you click the hotlink in the e-mail to furnish the requested information in their "fill-in boxes" and click "Send", more than likely that information isn't going where you'd expect.

Any request from a supposed ligitimate source should be verified first with either a personal phone call or another appropriate route before filling out and sending any information.

- Collapse -
Re:Help......question about password stealing..
by Keith Marcotte Nov 24, 2003 3:21PM PST

Do you trust the people (if any) that have access to your PC? Do you execute attachments from friends? One spam that comes to mind required that you install a trojan on the PC or email a trojan to the PC (that the victim then executed). I believe that some reporter sent in the money and never received anything - it was a fraud.

Spam should be deleted unread. It gives you more peace of mind. There's a good chance that a graphic in the email is letting them know that your email address is valid so even opening spam is not a good idea.

Get Mailwasher or ePrompter to nuke your spam without having to read or download it.

- Collapse -
Re:Re:Help......question about password stealing..
by Paige1 Nov 25, 2003 5:03AM PST

Hi R. Proffitt, CursorCowboy and Keith. You have helped quite a bit so far. Let me be more specific. I am actually concerned about my soon to be ex-husband possibly seeing what I have on my computer. He never really uses my computer at home but is now working with a computer savvy co-worker. I guess the question remains...what new technology out there might allow him to access my computer and get passwords without me knowing that he has done that, perhaps remotely from work? When you buy those password stealing programs..do they have to be d/l to duplicate my keystrokes? I'd like to just stay one step ahead of him at every turn if you get my drift. I have already d/l spybot which I am assuming would catch anything that is currently out there? Paranoid in the city...lol.

- Collapse -
The usual.
by r. proffitt Forum moderator Nov 25, 2003 5:23AM PST

1. I collected five suggestions and posted what I dubbed the Anti-Parasite Suite over at http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=1313&start=0

Keep in mind that anything found is unlikely to have been planted by someone you know.

2. If I wanted such information, I'd just walk up and use a device with software like you see at http://www.4migo.com/ While this may not be the exact model or software, the concept is spot-on. Walk up, plug in, it runs (even if the machine has some password protected screensaver) and then bing! I unplug and pocket the data.

3. Given I know about software keyloggers and such are easily detected with tools like in item 1, I would resort to hardware keyloggers if I really wanted such. Here's a web site on such devices -> http://www.keyghost.com/ There are many other models out there.

4. And the best for last. WiFi. All the rage and leaks galore. You do not want 802.11x or WiFi unless you know how to lock it down, turn it off and more.

Remember that a computer is, in my opinion just not a good place for most data.

Bob

Back to Windows Legacy OS forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info