eitama
Posts: 702 | Thanked: 334 times | Joined on Feb 2010 @ Israel.
#1
Hello guys,

I am an owner of a Gmail account right from its launch,
I have been using it daily since then, and never got hacked.
My password is comprised of digits, capital letters, lower-case letters.

3 days ago, I was forcefully signed out of my account; when I tried to log in, my password was rejected.
I had to reset it using an alternate e-mail pre-configured.

I always use SSL, and never access Gmail when SSL is not available (or if something is odd with the certificate).

The purpose of this thread is to find out if anyone else suffered from this!
Details:
  • Account was hacked 3 days ago
  • Hacker IP: 58.49.183.79
  • Source location: China

Cheers,
Eitam.
__________________
| Developer of Horizontal-Call - Call your contacts, fast! |
| Reverse SSH - access your N900 from anywhere, anytime |
| Using Samsung Galaxy S GT-i9000 and Nokia N900 |
| DonateMe - If you feel I helped you in a very good way, feel free to donate |
 
debernardis
Posts: 2,142 | Thanked: 2,054 times | Joined on Dec 2006 @ Sicily
#2
A quick Google search brings this:
http://www.google.com/support/forum/...e9b05271&hl=en
and this
http://www.guardian.co.uk/technology...-china-hacking
__________________
Ernesto de Bernardis

 
CrashandDie
Posts: 336 | Thanked: 610 times | Joined on Apr 2008 @ France
#3
1/ SSL is always used by Google when authenticating, in other words, your password is never sent out in clear.
2/ The same is true for the N900's connection to Google. I remember, at the early days of GMail, it being such a pain in the *** because they required TLS and the lot.
3/ You probably used the same password somewhere else.
4/ Don't blame the N900.
5/ Stupid topic
6/ ???
7/ Profit.
 
eitama
Posts: 702 | Thanked: 334 times | Joined on Feb 2010 @ Israel.
#4
Originally Posted by CrashandDie:
1/ SSL is always used by Google when authenticating, in other words, your password is never sent out in clear.
2/ The same is true for the N900's connection to Google. I remember, at the early days of GMail, it being such a pain in the *** because they required TLS and the lot.
3/ You probably used the same password somewhere else.
4/ Don't blame the N900.
5/ Stupid topic
6/ ???
7/ Profit.
LOL.
If you paid attention to my choice of words, you would see that it's not ranting, and not complaining, but an attempt to find a hacker that might be running a keylogger on your N900.

As for your comment,

1/ SSL is always used by Google when authenticating, in other words, your password is never sent out in clear.
Unless someone does a man in the middle on you; in such a case, your password is not only sent as clear text, but also arrives in your hacker's hands with zero effort on his side.

2/ The same is true for the N900's connection to Google. I remember, at the early days of GMail, it being such a pain in the *** because they required TLS and the lot.
Same response. If someone doesn't pay attention to the existence of SSL per session, he can find himself running through a man in the middle attack. TLS is not so different than SSLv3.

3/ You probably used the same password somewhere else.
I most definitely don't.

4/ Don't blame the N900.
I was not blaming the N900, not its hardware, and not the OS.
I was raising a perfectly valid question, "Is someone taking advantage of the extras-devel repo, to run a tap on your keystrokes?" If you look at my signature you will see that not only do I take advantage of the N900's HW and OS, I am also contributing back to the community, so what exactly have I done or said to deserve such a violent response from you?

As for 5,6,7 they don't deserve a proper comment.
 
eitama
Posts: 702 | Thanked: 334 times | Joined on Feb 2010 @ Israel.
#5
Originally Posted by debernardis:
A quick Google search brings this:
http://www.google.com/support/forum/...e9b05271&hl=en
and this
http://www.guardian.co.uk/technology...-china-hacking
Thanks for the info, I am not trying to find the hacker himself, or his address, hackers will come and go.
Just to raise the fact that things can happen, and in an uncontrolled environment like the extras-devel repo, someone can take advantage of this open & vibrant community.
 
debernardis
Posts: 2,142 | Thanked: 2,054 times | Joined on Dec 2006 @ Sicily
#6
@Eitama: maybe you should list the applications you installed, so that it's possible to find the culprit
 
eitama
Posts: 702 | Thanked: 334 times | Joined on Feb 2010 @ Israel.
#7
Originally Posted by debernardis:
@Eitama: maybe you should list the applications you installed, so that it's possible to find the culprit
I will most definitely do that, once someone else who also had suspicious activity occur after using the N900's extras-devel repo is found, no point rambling about it just yet.

But that's the idea.
 
CrashandDie
Posts: 336 | Thanked: 610 times | Joined on Apr 2008 @ France
#8
Well, if you're running devel, it's your own sad fault.

I still remain very doubtful anyone is running a keylogger, especially someone from China, etc.

Here's something. If you find a keylogger in any app in the repo, I'll give you $50. I'm pretty sure any other platform is way more likely to attract spyware and keyloggers.

Deal?

Also, please check my background (profile), I'm not your average user with regards to security. Even MITM won't break SSL or TLS, considering that they can't have the private key of a certificate issued for mail.google.com, or whatever the domain is. The whole point of SSL and TLS is that the only way for an attacker to trump your browser without showing any warning sign would be to have compromised your client with a self-signed root cert.

Don't spout things which aren't true, please.
 
eitama
Posts: 702 | Thanked: 334 times | Joined on Feb 2010 @ Israel.
#9
Originally Posted by CrashandDie:
Well, if you're running devel, it's your own sad fault.

I still remain very doubtful anyone is running a keylogger, especially someone from China, etc.

Here's something. If you find a keylogger in any app in the repo, I'll give you $50. I'm pretty sure any other platform is way more likely to attract spyware and keyloggers.

Deal?

Also, please check my background (profile), I'm not your average user with regards to security. Even MITM won't break SSL or TLS, considering that they can't have the private key of a certificate issued for mail.google.com, or whatever the domain is. The whole point of SSL and TLS is that the only way for an attacker to trump your browser without showing any warning sign would be to have compromised your client with a self-signed root cert.

Don't spout things which aren't true, please.
The likelihood of this happening on Maemo5, is indeed little,
and still it CAN happen, and there is no reason not to investigate, or check it.
There is even less of a reason to bash me for raising it, if you don't like the idea, or think it's impossible, you can express your opinion politely, or remain silent at your corner of the world.

As for the application in extras-devel, it can alter an existing bookmark, to point to http://www . gmail . com, and insert a record in your hosts file.
You will not get a warning for a compromised certificate cause there won't be ANY certificate.
Just cause you have not thought of a way to achieve a fraud, doesn't mean it doesn't exist.

I don't need to check your profile to know that you are not the only person in the world that knows something about something.
Open your ears. You might learn something new one day.

Now please go away.
 
CrashandDie
Posts: 336 | Thanked: 610 times | Joined on Apr 2008 @ France
#10
TLS clients will bork if they connect to a host that does not offer a certificate. Typing your username/password on a page that is not secure deserves you to get your account hacked.

Nuff said.
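
The scenario raised in post #9 (a bookmark rewritten to plain http plus a record added to the hosts file) leaves traces on the device that can be checked for. The following is an added example, not part of any post in this thread: it flags hosts entries and non-HTTPS bookmarks for a watched set of hostnames. The hostname list, function names and sample data are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hostnames worth guarding; an assumption for this example, extend as needed.
WATCHED = {"gmail.com", "www.gmail.com", "mail.google.com", "accounts.google.com"}

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, name) for every hosts entry that pins a watched name."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed line
        ip, names = fields[0], fields[1:]
        for name in names:
            # A watched public name should resolve via DNS, never via a local override.
            if name.lower().rstrip(".") in watched:
                findings.append((no, ip, name))
    return findings

def audit_bookmarks(urls, watched=WATCHED):
    """Return bookmarks that reach a watched host without TLS."""
    bad = []
    for url in urls:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
        if host in watched and parts.scheme.lower() != "https":
            bad.append(url)
    return bad

# Constructed sample data (203.0.113.0/24 and 192.0.2.0/24 are documentation ranges).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# local overrides
203.0.113.7 www.gmail.com gmail.com   # constructed suspicious entry
192.0.2.10  buildserver.example
"""
SAMPLE_BOOKMARKS = [
    "https://mail.google.com/mail/",
    "http://www.gmail.com/",          # constructed downgraded bookmark
    "http://example.org/news",
]

if __name__ == "__main__":
    for no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {no}: {name} pinned to {ip}")
    for url in audit_bookmarks(SAMPLE_BOOKMARKS):
        print(f"bookmark without TLS: {url}")
```

On a real device the two functions would be fed the contents of the hosts file and the browser's exported bookmark URLs; any finding means the login page can be served without a certificate check ever taking place.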