who is it

Discussion in 'Computer Security' started by zxspectrum, Feb 16, 2007.

  1. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    2,092
    216
    244
    Recently my myspace account has been hacked, now i know the first on was my fault as i retyped my password unexpectedly into what i thought was the sites official request. So ive had loads of messages sent from that etc. So now ive changed my password and its happened again but i know this time that ive not typed my new password into any dodgy places etc.

    Ive been told its the techys from the uni as they have access to all our passwords. Could there be any truth to this or is it just scaremongering???

    Eddie
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  2. dales

    dales Terabyte Poster

    2,005
    51
    142
    when you goto myspace do you use your own computer, if not anything might be installed on it, also have you checked your comp for viruses or spyware, (thinking keylogger), not too hot on website security but I notice that myspace doesnt have https at the login page so I'm assuming that it would be easier to intercept the data.

    If so though I believe they are breaking the data protection act by doing so.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  3. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,139
    555
    383
    I doubt if it's the tech's from the Uni as:
    1. If they're anything like the Higher/Further education establishments I've worked in, imagine monitoring all the 1000's of students (all the network packages that 1000's of students would generate) &
    2. You just don't get the time when you work in education (but then again they may have nothing better to do - doubt it though).

    However I wouldn't put it pass another "bright" student who thinks it's cool to tamper with PC's that aren't theirs by putting a keylogger (like Dale said) on a PC (we've had a couple of instances when that's happened - "unauthorised software" on our PC's).

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
  4. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    2,092
    216
    244
    Im with you, im going to scan my computer and see if anything shows up, but i mainly use the net at uni and thats why i was asking.

    Is there anyway i could trace them??

    Eddie
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  5. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    its not just that. by not using https, then the passwords are transmitted cleartext across the network. all it needs is someone sitting on the same subnet as yourself with a packet interceptor in order to read all the data you are sending out.

    id maybe check the password question and answer, since its possible they have hold of that, which would allow them to break into your account whenever they wanted to, although i cant remember how myspace works.

    As for tracing them, not really. Myspace will log the IP of every login, and it can be used to trace back to an ISP, which would be able to tell you the account that the ip belonged to at the time. if the account was your uni you could then probably get them to relay which user account sent the packet at that specific time since that kind of data would be logged. However, you would need a police warrant to obtain a good chunk of that information i believe, since data protection would prevent at least the ISP from releasing the accountholder information.

    As for breaching the DPA with myspace, im not so sure on that one. For a start, myspace is hosted on american servers and so isnt actually subject to uk law. At least thats my understanding of the current situation. otherwise we would be able to arrest and prosecute people from africa and other nations where their laws dont meet ours which allows them to post sites that are classified as illegal content in the uk.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  6. zxspectrum

    zxspectrum Terabyte Poster Forum Leader Gold Member

    2,092
    216
    244
    Just been cheching the HTTp thing on myspace and it does use it. The way i gave away my old password was by logging in to a dummy screen etc, so this is why im baffled as i didnt do on the second occasion

    Eddie
     
    Certifications: BSc computing and information systems
    WIP: 70-680

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.