A Digital Age Deserves A Digital Leader

I've been hacked

Postby kd1966 » Fri Jan 19, 2007 2:51 am

If that's what your wireless security settings were BEFORE, then I would presume a phishing event......
PRO PLATINUM
User avatar
Posts: 6831
Joined: Tue Aug 09, 2005 2:00 am
Location: USA - GSO - NC

Postby Xstream » Fri Jan 19, 2007 2:10 pm

yes, thats what they were before.
guess me or my wife fell for something, although we both use gmail and I searched the archives and found nothing. it was done on jan 15th at 10 pm. thats what time my ebay settings were changed. ebay keeps a record.
PROfessional Member
User avatar
Posts: 3477
Joined: Fri Mar 15, 2002 2:30 am
Location: USA

Postby yeshuas » Fri Jan 19, 2007 2:21 pm

Unbelievable!!!!!!!!!!

Do-it-Yourself Phishing Kit Found Online
Anti-Fraud monitors discover a kit that eases normally difficult phishing attacks on bank and e-commerce websites.
John E. Dunn, Techworld.com
Friday, January 12, 2007 09:00 AM PST


A software kit has been discovered for sale on the Internet that makes it possible for non-experts to set up and carry out sophisticated phishing attacks on large numbers of websites.

EMC's RSA division reports that its Anti-Fraud Detection Center (AFCC) found the 'universal man-in-the-middle phishing kit' being offered in a free demonstration version on a criminal forum monitored by the company.

User Friendly
The kit--said to have a user-friendly interface designed to help the nontechnical criminal--automates the programming needed to pull off a normally tricky man-in the middle attack on websites such as banks or e-commerce sites.

Typically, the attack generated by the kit would start by duping users into clicking on a link embedded within a phishing email. This would direct them to a fraudulent URL able to communicate with the genuine website in real time, retrieving content from that site to make the scam appear as convincing as possible.

Quick and Easy
Apart from the fact such attacks can be carried out quickly and simply on multiple websites, it offers the advantage of giving criminals access to all information exchanged with the attacked site, not just the basic login. According to RSA, the kit qualifies as 'universal' because it can be used on any website, and thus attacks don't need to be tailored for each site

"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Marc Gaffan of RSA.

"While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12-18 months," he said.

Working man-in-the-middle attacks are relatively rare but not unheard of by any means. Last year, the Sinowal Trojan was found circulating in Germany by Kaspersky Lab.
Game Over!!!!!!!!
Image
ASUS Maximus V Gene MB
Windows 8 X64; Windows 7 X64; Windows 7 X86
Intel I5-3570K
16GB Corsair Vengeance Ram
eVGA GeForce GTX 550 TI
Corsair GS700 PS
1TB Seagate SATA 6.0Gb HD
Thermaltake Case
Software Development
User avatar
Posts: 5075
Joined: Wed Jan 17, 2007 3:29 pm
Location: Chicago, IL
Real Name: Daniel Schmidt

Postby kanaloa » Fri Jan 19, 2007 2:47 pm

kd1966 wrote:If that's what your wireless security settings were BEFORE, then I would presume a phishing event......


I agree, I still think it had to be that.
"Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice, and discipline." - Jim Collins
President
User avatar
Posts: 11795
Joined: Sun Mar 10, 2002 1:18 am
Location: Columbia, SC
Real Name: John Derrick

Postby ZeroByte » Fri Jan 19, 2007 4:49 pm

Paypal and E-Bay should have an option to not allow changes without a written authorization or verbal confirmation.

My bank for instance. If I want my pin number changed to access my account they mail me a letter. When I get the letter with the new pin I have to call and verify I received it. Which during that process they ask me several questions. Pain in the a** yes but I am comfortable knowing someone else cant change anything.
ZeroByte
PRO Level 15
User avatar
Posts: 1199
Joined: Thu Aug 01, 2002 2:12 am
Location: Mexico, NY
Real Name: Mike Sheats

Postby kanaloa » Fri Jan 19, 2007 5:23 pm

They do have the option to notify you via email if changes are made. I would definitely select that. Good suggestion Mike.
"Greatness is not a function of circumstance. Greatness, it turns out, is largely a matter of conscious choice, and discipline." - Jim Collins
President
User avatar
Posts: 11795
Joined: Sun Mar 10, 2002 1:18 am
Location: Columbia, SC
Real Name: John Derrick

Postby Xstream » Fri Jan 19, 2007 8:38 pm

I just logged into ebay and got a message that someone was trying to change my password. I guess the guy just figured out he was locked out, However, I now have a yahoo email addy and an ip address. How can I find the guy? and do I even want to?
PROfessional Member
User avatar
Posts: 3477
Joined: Fri Mar 15, 2002 2:30 am
Location: USA

Postby ZeroByte » Fri Jan 19, 2007 9:12 pm

Xstream wrote:I just logged into ebay and got a message that someone was trying to change my password. I guess the guy just figured out he was locked out, However, I now have a yahoo email addy and an ip address. How can I find the guy? and do I even want to?


I would forward that info to the eBay Security Center. Pursuing things like this yourself can be hard if you don't know how and do not have the resources.
ZeroByte
PRO Level 15
User avatar
Posts: 1199
Joined: Thu Aug 01, 2002 2:12 am
Location: Mexico, NY
Real Name: Mike Sheats

Previous

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 3 guests