Page 5 of 6 « First 34 5 6
Reply
Thread Tools
stlpaul is offline stlpaul
2010-06-28 , 21:13
Posts: 1,141 | Thanked: 781 times | Joined on Dec 2009 @ Magical Unicorn Land
#41
It may be too late for the original poster, but...

I suggest everyone associate an alternative email address to their gmail account as well as your mobile phone number. If someone tries to recover or change the password it will sent you email and SMS asking for your permission, and if you ignore it then they are stopped in their tracks.

I get these alerts regularly.

Gmail also has "unusual activity alert", for example if all of your normal logins are from Germany and then suddenly there is a login from China it can text you to warn you about it.
 
stlpaul is offline stlpaul
2010-06-28 , 21:16
Posts: 1,141 | Thanked: 781 times | Joined on Dec 2009 @ Magical Unicorn Land
#42
Originally Posted by ossipena View Post
I just wanted to check that because it would have been the most obivous source for hacking. it requires something as complicated as:
Code:
cat /dev/input/keypad
are there btw open security holes in ssh software available to N900?
I think N900 openssh is the quite old version 5.1, but should not have any exploited bugs (that are known).

As always with any server a weak password (using passwords at all, really...) is the biggest risk.
 
overfloat's Avatar
overfloat is offline overfloat
2010-06-28 , 23:10
Posts: 486 | Thanked: 173 times | Joined on Apr 2008
#43
Why can't you block all access to your account from outside specified regions? That would be an obvious first step. Sure the hacker can use VPN, but once Google learns that all of the attacks are coming from a specific VPN they can block it.
__________________
If you are unhappy with anything I say in the above post, tell it to the violin http://sadviolin.com
 
CrashandDie is offline CrashandDie
2010-06-29 , 08:51
Posts: 336 | Thanked: 610 times | Joined on Apr 2008 @ France
#44
Originally Posted by overfloat View Post
Why can't you block all access to your account from outside specified regions? That would be an obvious first step. Sure the hacker can use VPN, but once Google learns that all of the attacks are coming from a specific VPN they can block it.
And then one day you have to travel because of work or family, and you're locked out of your own email...

Or maybe you use some funky access point, which has your connection show up at the other side of the planet (think satellite internet provided on planes, or de-localised internet on trains).
 
eitama's Avatar
eitama is offline eitama
2010-06-29 , 09:00
Posts: 702 | Thanked: 334 times | Joined on Feb 2010 @ Israel.
#45
Originally Posted by CrashandDie View Post
And then one day you have to travel because of work or family, and you're locked out of your own email...

Or maybe you use some funky access point, which has your connection show up at the other side of the planet (think satellite internet provided on planes, or de-localised internet on trains).
Actually I liked the idea that was offered, it should be disabled by default, and caution should be used when applying it.
If you put a lock code on your home door and you forget it, it's your problem
__________________
| Developer of Horizontal-Call - Call your contacts, fast! |
| Reverse SSH - access your N900 from anywhere, anytime |
| Using Samsung Galaxy S GT-i9000 and Nokia N900 |
| DonateMe - If you feel I helped you in a very good way, feel free to donate |
 
acou's Avatar
acou is offline acou
2010-06-29 , 11:59
Posts: 136 | Thanked: 72 times | Joined on Jan 2010
#46
You shouldn't be bothering about an intrusion that much since you've been handing over your mails to google anyway, which in my opinion is a worse intrusion than the one done by a chinese hacker kid.
__________________
One day we will laugh about it...
 
ndi's Avatar
ndi is offline ndi
2010-06-29 , 16:53
Posts: 2,050 | Thanked: 1,425 times | Joined on Dec 2009 @ Bucharest
#47
Originally Posted by CrashandDie View Post
And then one day you have to travel because of work or family, and you're locked out of your own email...

Or maybe you use some funky access point, which has your connection show up at the other side of the planet (think satellite internet provided on planes, or de-localised internet on trains).
How about this:

Normal login for same country, requires verification question for other areas. Or secondary email confirmation.

Me, I'd use a question from the latest read emails as security question, to prove you have access. E.g., type in the most used email address in your account. Or one of the last 10 read emails. That proves you had access last. Combined with password, you should be set.

I have weird ideas. They don't know they're weird.
__________________
N900 dead and Nokia no longer replaces them. Thanks for all the fish.

Keep the forums clean: use "Thanks" button instead of the thank you post.
 
overfloat's Avatar
overfloat is offline overfloat
2010-06-30 , 10:19
Posts: 486 | Thanked: 173 times | Joined on Apr 2008
#48
Originally Posted by CrashandDie View Post
And then one day you have to travel because of work or family, and you're locked out of your own email...

Or maybe you use some funky access point, which has your connection show up at the other side of the planet (think satellite internet provided on planes, or de-localised internet on trains).
1. Not everyone travels and lots of US web services already limit access to only US connections, why not make it customizable.

2. I wouldn't want to be entering my login details that show my connection routing through China anyway
__________________
If you are unhappy with anything I say in the above post, tell it to the violin http://sadviolin.com
 
jaysire is offline jaysire
2010-07-16 , 13:26
Posts: 233 | Thanked: 170 times | Joined on Nov 2009 @ Finland
#49
This is a little late, but my gmail was hacked as well. The very day I first installed the duplicate remover application for N900 and probably about the same time this thread was started. I still have no idea if that was the reason - figured I'd hear about it if there were others. I just missed this thread.

Other candidates for the security breach are Draugr.de -> gmail transport for using MSN over Gtalk.

Nuevasync for getting exchange -> gmail support on the N900.

I didn't raise an issue about this, since I had no idea of knowing where the breach happened. It would be interesting to hear what similar services other victims of hacking have been using.

Hats off for Gmail though - the person who hacked my account used a script to send a single (russian) url to all people in my address book and Gmail stopped it because of suspicious behavior. The mail actually went into the "sent items" box of my gmail, so it somehow was sent explicitly through my gmail.
__________________
Read about my N900 experiences from my blog.
 
eitama's Avatar
eitama is offline eitama
2010-07-20 , 05:51
Posts: 702 | Thanked: 334 times | Joined on Feb 2010 @ Israel.
#50
Update :

I used my N900 yesterday once more to access my gmail with microb,
I entered the password, and today morning my gmail was hacked again from China.

The password was brand new, so I am pretty sure it's related to the N900. I can feel a reflash coming...
__________________
| Developer of Horizontal-Call - Call your contacts, fast! |
| Reverse SSH - access your N900 from anywhere, anytime |
| Using Samsung Galaxy S GT-i9000 and Nokia N900 |
| DonateMe - If you feel I helped you in a very good way, feel free to donate |
 
Reply
Page 5 of 6 « First 34 5 6

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 04:16.

Contact Us - Home - Archive - Top