
Security Reminder For Everyone (Email & Forum)

Discussion in 'BlackHat Lounge' started by blackhatmember, Feb 1, 2012.


Advice Is Only Useful When Followed

  1. I am a good boy & I have done what was suggested!

    0 vote(s)
    0.0%
  2. I am an idiot who will only do this when it is too late!

    0 vote(s)
    0.0%
  1. blackhatmember

    blackhatmember Newbie

    Joined:
    Jan 15, 2009
    Messages:
    18
    Likes Received:
    4
    Occupation:
    Building Trust
    Location:
    The World Of Blackhat
    Hi all,

    My Gmail account was hacked last night at 3 AM by an IP from Germany.

    Tips for you to do now!
    1. Use an email forwarder like akapost[dot]com for forums, online forms, etc.
    2. For forums, under General Settings or Edit Options, uncheck "Allow vCard Download". If you want to keep your email address private, do not allow vCard downloads!
    3. Use a different password for different forums, and use Excel to manage them.

    And if all the above fails and your Gmail account still gets hacked into, I hate to do this and hate to say this, but you have to change your Gmail password!

    I've done all of the above.
     
  2. ADHD-Dude

    ADHD-Dude Power Member

    Joined:
    Apr 17, 2010
    Messages:
    592
    Likes Received:
    119
    So you were using the same password on multiple accounts that shared the same email address
    :You_Rock_
     
  3. Amsterdammer

    Amsterdammer Power Member

    Joined:
    Aug 9, 2011
    Messages:
    515
    Likes Received:
    563
    I know getting hacked is not fun but may I suggest another approach?

    1. You get a proper account like Yahoo or Google. Google doesn't send your IP when sending out emails.

    2. Take a pass of 10 symbols or longer, a different one for each forum. Make sure it is dictionary-proof and replaced every 6 months at most. Also make sure to use caps, numbers and symbols.

    3. If your email does get hacked, be sure to replace your secret questions. Also check for recovery email changes and email forwards.

    4. Your recovery question answers should not make any sense, e.g. What is your mother's maiden name? Answer: My dog likes popstickles.
    Please also apply this simple rule to other questions, like your birth date for instance...
    This is to prevent social hacking. Some people will actually befriend you to find out your secret questions during a seemingly harmless convo.

    A 10-letter pass can be bruteforced in a matter of a few hours. Having a temp blockout with too many failed logins is a must these days.
    It will still not protect you from getting hacked though. It will just slow down the progress.

    Having your mail forwarded doesn't seem to add any extra security for me. No offense intended. :)

    Just my 2 cents. Hope it helps. :)
     
    • Thanks Thanks x 1
    Last edited: Feb 1, 2012
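An added example, not part of any post in this thread, showing the advice above in code: a distinct random password per forum (10+ symbols with caps, numbers and symbols), nonsense recovery answers, and the effect of a login lockout on guessing time. The function names, the symbol set, the site names and the word list are assumptions made up for the illustration.

```python
import math
import secrets
import string

# Character classes the post asks for (caps, numbers, symbols) plus lowercase.
# The symbol set is an assumption; adjust it to what each site accepts.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+[]{}"]
ALPHABET = "".join(CLASSES)

# Constructed sample word list; a real one should hold thousands of words.
WORDS = ["dog", "likes", "orbit", "velvet", "cactus", "marble", "tuba", "fog"]

def make_password(length=16):
    """Random password containing at least one character from every class."""
    if length < 10:
        raise ValueError("minimum length is 10 symbols")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def make_recovery_answer(words=WORDS, count=4):
    """Nonsense answer that has nothing to do with the recovery question."""
    return " ".join(secrets.choice(words) for _ in range(count))

def credentials_for(sites):
    """One independent password and recovery answer per site."""
    return {s: {"password": make_password(),
                "recovery_answer": make_recovery_answer()} for s in sites}

def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the exhaustive-search space for a random password, in bits."""
    return length * math.log2(alphabet_size)

def online_rate(attempts_before_lockout, lockout_seconds):
    """Guesses per second a login form with a temporary lockout allows."""
    return attempts_before_lockout / lockout_seconds

def worst_case_days(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Days needed to try every password of this length at a given rate."""
    return alphabet_size ** length / guesses_per_second / 86400

if __name__ == "__main__":
    for site, cred in credentials_for(["forum-a", "forum-b"]).items():
        print(site, cred)
    print("10 symbols:", round(search_space_bits(10), 1), "bits")
    print("5 tries per 15 min:", worst_case_days(10, online_rate(5, 900)), "days")
```

Generated values still have to be stored somewhere safe, since nobody can memorise one per forum.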
  4. blackhatmember

    blackhatmember Newbie

    I was using the same password for all accounts, yes... WAS, not anymore. :p
     
  5. blackhatmember

    blackhatmember Newbie

    No problem, no offense taken... I'm sure to be dead in 80 years, where's the fun in living so long anyway... Life is too short to care about negativity.

    Focus on the goodies. Someone mentioned using 2-step verification, so if a different IP logs in, they will be forwarded to input a code received from an SMS.

    Peace
     
  6. Amsterdammer

    Amsterdammer Power Member

    I am glad you took my previous post in the spirit it was intended. :)
    I also hope to kick that bucket before you do. 80 years longer is way longer than I had planned to stick around for.

    The 2 step system is used by my bank for authentication and seems very safe indeed. The rest of the system I have some doubts on but this part is sound. (Provided you use a mobile that is set to UMTS only.)

    To use it on email however? To need a new number for each email? Not so sure about that.
    But to have the option might be helpful to some. Not all are privacy freaks like me and have 10+ emails for regular life. :p