Results 1 to 6 of 6

Thread: Is it possible for malware/TJ-retrieved passwords...

  1. #1
    cyberjunkie Guest

    Default Is it possible for malware/TJ-retrieved passwords...

    Hello,

    From time to time, I notice that my GMAIL logs out before its supposed 2 week set time.

    A month ago, my PC ran into BSOD twice. So I upgraded hard drives, etc. However, this week I found out online that malware Alureon caused a lot of recent BSOD and was named a critical threat to Microsoft Windows exploit for 32 bit computers.

    In any case, my question is: Could hacked passwords spoof the victim's IP address and log in to their email account, so that the victim would hardly noticed that their email was logged in elsewhere because GMAIL's IP details indicate it? ... Is this a plausible situation?

    Thanks,
    CJ

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,283

    Default Re: Is it possible for malware/TJ-retrieved passwords...

    Quote Originally Posted by cyberjunkie View Post
    Could hacked passwords spoof the victim's IP address and log in to their email account, so that the victim would hardly noticed that their email was logged in elsewhere because GMAIL's IP details indicate it? ... Is this a plausible situation?
    Yes, everything is possible. The key issue is to ensure your password is not known to anyone else than you.

    Have an indepth cleaning of the system with ALL the tools suggested here:
    http://forums.zonealarm.com/showthread.php?t=70448

    Ensure your system does NOT contain any vulnerable or exploitable software: http://secunia.com/vulnerability_scanning/personal

    Keep your ZAX updated. Move to the latest beta version while waiting for the official release.

    ....and finally change your gmail password.

    Unless you are targeted by CIA, FBI or M7 you should be OK!

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    cyberjunkie Guest

    Default Re: Is it possible for malware/TJ-retrieved passwords...

    Thanks... That last line was funny... if that were true, I wouldn't need to change my password, do I? ... since it would only be futile....

    and, psst... yes, they are after me...

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,283

    Default Re: Is it possible for malware/TJ-retrieved passwords...

    Quote Originally Posted by cyberjunkie View Post
    Thanks... That last line was funny... if that were true, I wouldn't need to change my password, do I? ... since it would only be futile....

    and, psst... yes, they are after me...
    Hacker can only spoof password if this is sent in clear (i.e. no SSL). As far as I know GMAIL communication is fully in SSL. So, NO. If the hacker does not know your password and both your system and gmail have not been hacked then.... NO WAY, you are safe!

    Understood?

    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    cyberjunkie Guest

    Default Re: Is it possible for malware/TJ-retrieved passwords...

    Hi Fax,

    That's interesting...

    A few days ago, I was reading old articles about Hush and S-mail (first time I heard about them)... From my understanding, they're the most secure because the emails sent are encrypted (PGP, I believe)... The articles seem to suggest that PGP-ecrypted mail are secure from beginning-middle-to-end. In other words, I think the articles were saying that even with SSL connection to email account, IN-BETWEEN email journey could be intercepted.

    Anyways, if you know anything more about these email systems, I'd be happy to hear a bit about it.

    Thanks,
    CJ

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,283

    Default Re: Is it possible for malware/TJ-retrieved passwords...

    Quote Originally Posted by cyberjunkie View Post
    I think the articles were saying that even with SSL connection to email account, IN-BETWEEN email journey could be intercepted.
    Everything can be intercepted but not decoded, i.e. just useless data
    The weakest link is at the beginning --> THE USER and at the end --> THE PROVIDER.

    Assuming your provider is not hacked, you only have to check your are clean.

    Security consciousness is good, paranoia not.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Repeatedly prompted for passwords
    By timmyzone in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 1
    Last Post: October 11th, 2009, 12:44 PM
  2. Passwords not being retained?
    By cellarmaster in forum Access Issues
    Replies: 1
    Last Post: July 19th, 2009, 03:19 AM
  3. Zone Alarm And Passwords
    By andrew_temp in forum Security Issues
    Replies: 1
    Last Post: February 20th, 2008, 09:17 PM
  4. ZA does not remember passwords ???
    By ricky_d in forum General - Questions that don't fit any other category
    Replies: 1
    Last Post: August 19th, 2006, 12:02 AM
  5. Separate Passwords
    By mattswallow in forum General - Questions that don't fit any other category
    Replies: 1
    Last Post: January 21st, 2006, 08:29 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •