|
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
It may be too late for the original poster, but...
I suggest everyone associate an alternative email address to their gmail account as well as your mobile phone number. If someone tries to recover or change the password it will sent you email and SMS asking for your permission, and if you ignore it then they are stopped in their tracks. I get these alerts regularly. Gmail also has "unusual activity alert", for example if all of your normal logins are from Germany and then suddenly there is a login from China it can text you to warn you about it. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Quote:
As always with any server a weak password (using passwords at all, really...) is the biggest risk. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Why can't you block all access to your account from outside specified regions? That would be an obvious first step. Sure the hacker can use VPN, but once Google learns that all of the attacks are coming from a specific VPN they can block it.
|
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Quote:
Or maybe you use some funky access point, which has your connection show up at the other side of the planet (think satellite internet provided on planes, or de-localised internet on trains). |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Quote:
If you put a lock code on your home door and you forget it, it's your problem :) |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
You shouldn't be bothering about an intrusion that much since you've been handing over your mails to google anyway, which in my opinion is a worse intrusion than the one done by a chinese hacker kid.
|
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Quote:
Normal login for same country, requires verification question for other areas. Or secondary email confirmation. Me, I'd use a question from the latest read emails as security question, to prove you have access. E.g., type in the most used email address in your account. Or one of the last 10 read emails. That proves you had access last. Combined with password, you should be set. I have weird ideas. They don't know they're weird. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Quote:
2. I wouldn't want to be entering my login details that show my connection routing through China anyway |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
This is a little late, but my gmail was hacked as well. The very day I first installed the duplicate remover application for N900 and probably about the same time this thread was started. I still have no idea if that was the reason - figured I'd hear about it if there were others. I just missed this thread.
Other candidates for the security breach are Draugr.de -> gmail transport for using MSN over Gtalk. Nuevasync for getting exchange -> gmail support on the N900. I didn't raise an issue about this, since I had no idea of knowing where the breach happened. It would be interesting to hear what similar services other victims of hacking have been using. Hats off for Gmail though - the person who hacked my account used a script to send a single (russian) url to all people in my address book and Gmail stopped it because of suspicious behavior. The mail actually went into the "sent items" box of my gmail, so it somehow was sent explicitly through my gmail. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Update :
I used my N900 yesterday once more to access my gmail with microb, I entered the password, and today morning my gmail was hacked again from China. The password was brand new, so I am pretty sure it's related to the N900. I can feel a reflash coming... |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Quote:
|
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
If the hacker made changes to your email settings he could get your new password.
Still, if it's not that simple, could you get wireshark, and dump whatever is sent when you log in? it could help the community identify the problem while we gather rope and soap. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Hi,
I got tcpdump installed so i'll be sure to simulate this again. Maybe i'll be able to pinpoint it to a specific processes. And sure i'll make a backup. I think i'll create a new gmail account, just to log into it, allowing the hacker to sniff it's password. Thanks for the tip on the gmail security, I verified all the information there, it's all mine, and the new password is hell like. (: Eitam. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
this is pretty sketchy. last thing i want to find out is i have reduced battery life thanks to a spambot on my phone or something... maybe we should write some antivirus or anti-trojan style tools to see what tasks are running and check for suspicous activities like tcp/ip connections and whatever they use in linux to hook the keyboard input.
|
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
a) antivirus works on known viruses
b) anti-trojan tools work on known trojans Before anything is developed, we need to know what does and what. Running tasks are shown via "ps" command. TCP/IP is dumped via several tools, one being above mentioned tcpdump. c) the nature of Linux architecture makes this quite an undertaking, as keyboard access isn't registered, like in Windows, in order to deny it. I don't think it's even protected. I don't pretend to be an expert, but if "cat" has access to it, anyone has. Also, it doesn't need to be a running process. Viruses and trojans that have their own process aren't worthy of the name. They're all nuissanceware. d) all programs submitted to repos (AFAICT) are compiled server-side with open components. There is little need to grow an anti-something when code can simply be removed. e) all we have now (no offense) is anecdotal evidence. When we see some code we'll have a better understanding of what happens and why. Once we see how that data is leaking, we'll have something to grep the sources for. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Agree with all points apart from the first sentence of d).
Not all code is available to the autobuilder. e.g. the non-free packages. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
okay, well, i would agree but i actually meant using heuristics to find suspicious running processes. i thought there would be an easy way to see what is logging keys, and tcpdump doesn't give the process id because of a limitation of the libpcap driver it seems. netstat would work but i think it only shows current connections, and a keylogger doesn't usually remain connected i would think. well, i will keep thinking about this.
|
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Quote:
What bothers me is that we have only one case. |
Re: My gmail account has been hacked - I am pretty sure it's related to the N900 somehow
Google has this 2 step verification to prevent your gmail account from being hacked.
Someone attempted to hack mine few months back and good thing I was able to use their 2 step verification. Basically in addition to your regular password, you have to enter a one time code generated on an app on your smartphone (iPhone, Android, blackberry). For complete and detailed instructions, you can go here http://darktips.com/how-to-protect-y...-from-hackers/ |
| All times are GMT. The time now is 03:56. |
vBulletin® Version 3.8.8