Comments on: Hacking Horror Story…

By: dianoga

dianoga — Mon, 10 Nov 2008 14:35:16 +0000

That’s why there is Noscript and Adblock for Firefox. Don’t browse without it!

By: Joshua

Joshua — Fri, 07 Nov 2008 01:49:15 +0000

yes you guys who mentioned the scripts are correct, the hacker didn’t actually get the password just did something with a script to creat a filter for gmail.

I don’t actually know how this stuff works =)

By: Kris

Kris — Thu, 06 Nov 2008 19:03:52 +0000

Most likely is that his password was not cracked, but simple XSS was used while he was logged in to Gmail.

See here for an example:
http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/

By: Core

Core — Thu, 06 Nov 2008 15:26:03 +0000

I agree with the guy who said its the user – I don’t know the guy personally, but it seems much more likely they managed to plant a trojen on his computer and gained access that way.

I am not saying a gmail hack is impossible here, im sure there are ways, but I just think its a lot more likely they gained access through him.

(Keep in mind, I don’t know him, so I don’t know what he does as far as security).

By: Anonymous

Anonymous — Thu, 06 Nov 2008 14:21:44 +0000

You are naive.
Aibek obviously run some kind of malware on his personal computer and got infected by a trojan created by the so-called hacker.
Google Bifrost or Poison Ivy for more information about “RATS” (Remote Administration Tools).
It’s called PLR (Point of Least Resistance), and that’s the user in this case, not Gmail.

By: Faust-C

Faust-C — Thu, 06 Nov 2008 13:57:09 +0000

Hmm I feel this was more than a ‘hack’. Considering all web mail sites have a limited amount of password fails, there maybe something more sinister at play. Then again I don’t use certain items and am uber paranoid.

By: Angelo R.

Angelo R. — Thu, 06 Nov 2008 05:36:16 +0000

Oddly enough this sounds almost exactly like a previous hack that was floating around for gmail. However, instead of directly gaining access to a gmail account, a bookmarklet was created that would create a filter in gmail.

In that way, the perpertrator could get around needing to know your gmail password and just hope you clicked it.

As far as I know, that bug was reported fixed a long time ago.

By: Jojo

Jojo — Thu, 06 Nov 2008 04:59:58 +0000

Which is why you should not use web email accounts for domain control. It seems to be much easier to hack a web account than a POP3 account.

By: venkat

venkat — Thu, 06 Nov 2008 04:01:56 +0000

Is is really sad that Makeuseof Hacked its one of my favorite sites like this ,a strong password not safe enough in case of Makeuseof then what I have to follow in case of passwords as my site is not famous though to get hacked,but its good to have by applying strong passwords and changing passwords often might help.It will be nice if you article how bloggers should approach so that these kinds of things not happen again.

By: Stephen

Stephen — Thu, 06 Nov 2008 03:55:41 +0000

Was it a Pailn hack? (i.e. If your password was that secure, was it your security question that was the open window?)