# Caution with web based e-mail services



## jfschultz (Jan 5, 2009)

My wife received an e-mail today from a “cousin stuck in London” and in need of $2500. The email contained enough of his personal information (address, phone number, interests) to make it seem legit.

A quick phone call found him at home and he already knew of the problem. His Hotmail account was hijacked, so all the information he had recorded on-line was now available to the hijacker.

So, if you use such a service, keep any information there to a minimum.


----------



## Zeno333 (Jan 5, 2009)

One also needs to practice caution using any of the major IM programs at a public library...

Hackers add on software to the library PC that records one login name and password, then they retrieve it and foul up your yahoo mail and Yahoo IM for example. yahoo news a couple of years ago had an article all about the scam.


----------



## Wannabee (Jan 5, 2009)

A missionary friend had this happen a couple of months ago too. It was similar, someone claiming to be him stranded in London and in need of cash. I replied and received what seemed a credible response, though I knew him well enough to know it was bogus. Curiously, his was on Yahoo as well.

If, for some reason, you do have to use a public service for email, make sure you log out before leaving.


----------



## fredtgreco (Jan 5, 2009)

Might I suggest that the best course of action if you are to use a public library is to get a USB stick (a small 512MB-1GB will do, and they can be had for $5 now) and put a portable web browser like Firefox (is there an Opera version?) on it. That way you are not even running a program on the machine.

Portableapps.com has a whole suite that can be installed on a USB, that will include an antivirus.

PortableApps.com - Portable software for USB drives


----------



## Pergamum (Jan 6, 2009)

Can someone do this if you DO NOT use a public library? If I stay away from libraries and unsecure wireless networks, can they still get into my hotmail?


----------



## Timothy William (Jan 6, 2009)

Yes there is a Opera portable version.

I encountered a problem doing this; I had XB Browser on a USB stick, and used it when logging into my online banking from various locations. My bank's security people realised that logins were coming from a whole range of IP addresses, thought the account might have been hacked, and locked me out of online banking.


----------



## Rocketeer (Jan 6, 2009)

Pergamum said:


> Can someone do this if you DO NOT use a public library? If I stay away from libraries and unsecure wireless networks, can they still get into my hotmail?



That depends on how tight your computer's security is and how much of a target you are on one hand, and how good your personal security conduct is on the other. Let me explain.

If you run a computer with any Windows version on it which is connected to the Internet, a sufficiently knowledgeable and determined person can get in 100% of the time. If you have no firewall/virus scanner even a bot/virus/worm/trojan/whatever can get into Windows, so buy one if you don't have one. As for hackers hacking into your PC, all Microsoft software is notoriously vulnerable to human attacks (Windows XP has somewhere near 200000 reported and fixed security holes to date); the question is here if you present enough of a target for them, i.e., are you (inter)nationally well known, or do you have geeky enemies, etc. etc.. If you are running for vice president like Mrs. Palin was, you can bet someone will try to hack into your accounts; if you are not quite so well known, no one will bother, probably. If you are paranoid or important enough to care, you can switch to Linux, BSD or Solaris (I use the first, though for other reasons). Those work well, though you will have to learn how to use them, and of course, if you do not keep everything completely up to date, you are still vulnerable to human hackers; on the other hand, note that viruses do not exist for these OSes.

This basically boils down to: buy a firewall & virus scanner, and keep it up to date, if you haven't done so already.

The second thing is, you need to take good personal security measures; if you do not, your passwords can easily be cracked.
First, never use your e-mail password or your computer password (your PC is password protected, isn't it?) for any other service. For example, if you used the same password for your e-mail, _public or private_, for this board, and Rich was not the nice person we knew him to be, he could look up your password and log into your account straightaway. If you did do that, for this or any other service, take this cue, and change you e-mail account's password *immediately*.
Secondly, make sure your passwords are not trivial. Combinations of dictionary words are easily crackable; special programs exist for this purpose, even if you spell them backwards or use multiple dictionary words. For the same reason, do not use anything personal, such as place or date of birth, wife's maiden name, first name, children's names, father's place of birth, or any such things; social engineering can get those really easily, and you expose your account to any malevolent person (not necessarily hackers).
Thirdly, a good, strong, password is eight (8) or more characters long and exists of both numbers and letters; a good one would be, for example, 1Maas99tricht2, which is a jumbled up date and place, i.e., the Treaty of Maastricht, signed in 1992; another one would be 4Dan9iel0, which is a jumbled up version of Daniel's name and his Messian prophecy of the 70 year-weeks. Of course, you could also go for 4YerUk396, but that might be harder to remember.
Lastly, it is better to have a strong password which you need to write down and lock away, than a weak one which you can remember; hackers are almost never burglars, and a simple safe will deter them. On the other hand, make sure never, _never, *never*_*, *to write down the account name or the purpose of the password on the same page; burglars can become hackers, if you furnish them with the appropriate means.

Security is never as simple as it seems.


----------



## fredtgreco (Jan 6, 2009)

Timothy William said:


> Yes there is a Opera portable version.
> 
> I encountered a problem doing this; I had XB Browser on a USB stick, and used it when logging into my online banking from various locations. My bank's security people realised that logins were coming from a whole range of IP addresses, thought the account might have been hacked, and locked me out of online banking.



But this would happen even without the stick. The computer is a different IP. SO if you are going to use multiple locations (which I don't advise anyway) this problem will come up.


----------



## Semper Fidelis (Jan 6, 2009)

> This basically boils down to: buy a firewall & virus scanner, and keep it up to date, if you haven't done so already.


This is extremely important.

I recently swore off the free stuff and pay for Kaspersky Internet Security (which can be had for $25 for 3 licenses by an Amazon shop).

Many people have no idea how much malware and other stuff is on their computer. They download free software and their computer becomes a zombie for a hacker.

Stuff on the high side curled my toes and made me much more aware of the threat out there.


----------



## satz (Jan 6, 2009)

Semper Fidelis said:


> I recently swore off the free stuff and pay for Kaspersky Internet Security (which can be had for $25 for 3 licenses by an Amazon shop).



Is Norton any good ?


----------



## Timothy William (Jan 6, 2009)

fredtgreco said:


> Timothy William said:
> 
> 
> > Yes there is a Opera portable version.
> ...


The problem was that it was being routed through the global Tor network, so the IP address the bank saw changed every few minutes, and the addresses shown corresponded to all different countries. It wasn't the IP address of the public library rather than my usual home address which bothered them. What I needed to do was use a different portable browser, which was a shame as I liked the security and anonymity of XB.


----------



## Semper Fidelis (Jan 6, 2009)

satz said:


> Semper Fidelis said:
> 
> 
> > I recently swore off the free stuff and pay for Kaspersky Internet Security (which can be had for $25 for 3 licenses by an Amazon shop).
> ...



Yes: Retrospective / ProActive Test November 2008


----------



## fredtgreco (Jan 6, 2009)

Timothy William said:


> fredtgreco said:
> 
> 
> > Timothy William said:
> ...



Oh, I get you now. I have never really bothered with IP proxies or such.

-----Added 1/6/2009 at 11:04:45 EST-----



Semper Fidelis said:


> > This basically boils down to: buy a firewall & virus scanner, and keep it up to date, if you haven't done so already.
> 
> 
> This is extremely important.
> ...



Totally agreed. I use ESET because every time I installed Kaspersky it completely messed up my system (like have to restore a back up mess up).

I would also advise anti-Malware programs. You can get most for free without "real time" protection - that is, you just have to run them, they are not auto run and "shield" set up. But running one every week or so is probably fine.

Here are a couple of good ones:

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Malwarebytes.org

Even Windows Defender on Vista (NOT on XP) is pretty good.


----------



## Rocketeer (Jan 6, 2009)

While I use Linux (Gentoo) myself, I do administrate all the Windows PC's in the house (5), and I use ZoneAlarm here. I would recommend it because it's interface is much better than most other security suites; I have especially bad experiences with Norton and Kaspersky; the former is also difficult to upgrade, with an occasional hardcopy reinstall; ZoneAlarm is a lot simpler with creditcard payment and a simple download. The full suite also comes (amongst a host of features) with parental control options, which might be interesting for those with children. Security is good too, of course.

If you don't have an Internet Security Suite, download their demo, and I think you'll be impressed. Link: ZoneAlarm by Check Point - Award winning PC Protection, Antivirus, Firewall, Anti-Spyware, Identity Protection, and much more.


----------

