Computers!!!

[nyyla]

Ok. Just a quick question for the techies out there. I know that internet emails such as yahoo and hotmail are able to be hacked into. However is it possible to have someone break into your Outlook Express email???

Hopefully someone could put my curiousity at rest...LOL
Thank You

Nyyla




www.executive-choice.com

 

[zoickss]

Nyyla - nothing is %100 safe if it is connected to the internet. Most hotmail and yahoo hacks are and easily guessed passwword - or a secret question that is answered too easily. To access your outlook they would have to do something like email you a trojan (program that lets them access your computer) from there they could do all sorts of things - Also if you don't constantly update from microsoft someone could take advantage of security flaws within the product. My advice stop using Outlook and switch to another program such as Eudora - If you are concerned this has happened or might happen to you - I suggest you consult with a wiz in security - someone like cybergoth here - sasha "The Bitch" hehe - Is another tech savvy person here that can likely get you set up safe and securely.

 

[Sasha Jones]

Well I migth not be the one to talk about switching from Outlook to another porgram for email. Although I don't really like Outlook express, I do use Outlook XP.

I know a ton of people don't like outlook due to security flaws etc but any program you use is going to have a flaw of some kind.

I use Oulook XP as well as AVG anti-virus ( http://www.grisoft.com) and I also operate my "daily use" computer behind a firewall. The only computer that is directly exposed to the internet is a computer used strictly as a gateway and has no important or relevant data stored on it.

Outlook Xp also filters out attachments that have "unsafe" file extentions this is the list of those from microsoft:

.ade Microsoft Access project extension
.adp Microsoft Access project
.asx Windows Media Audio / Video
.bas Microsoft Visual Basic class module
.bat Batch file
.chm Compiled HTML Help file
.cmd Microsoft Windows NT Command script
.com Microsoft MS-DOS program
.cpl Control Panel extension
.crt Security certificate
.exe Program
.hlp Help file
.hta HTML program
.inf Setup Information
.ins Internet Naming Service
.isp Internet Communication settings
.js JScript file
.jse Jscript Encoded Script file
.lnk Shortcut
.mda Microsoft Access add-in program
.mdb Microsoft Access program
.mde Microsoft Access MDE database
.mdt Microsoft Access workgroup information
.mdw Microsoft Access workgroup information
.mdz Microsoft Access wizard program
.msc Microsoft Common Console document
.msi Microsoft Windows Installer package
.msp Microsoft Windows Installer patch
.mst Microsoft Windows Installer transform; Microsoft Visual Test source file
.ops Office XP settings
.pcd Photo CD image; Microsoft Visual compiled script
.pif Shortcut to MS-DOS program
.prf Microsoft Outlook profile settings
.reg Registration entries
.scf Windows Explorer command
.scr Screen saver
.sct Windows Script Component
.shb Shell Scrap object
.shs Shell Scrap object
.url Internet shortcut
.vb VBScript file
.vbe VBScript Encoded script file
.vbs VBScript file
.wsc Windows Script Component
.wsf Windows Script file
.wsh Windows Script Host Settings file


This "feature" can be turned off if you so choose via a registry hack.

 

[CyberGoth]

micro$oft mixes code and data. the result is that you can embed commands in a mime-stream to tell outlook to do things [like run executables etc]

the auto preview mode not only shows the email contents but runs whatever activeX scripts are present etc.

bleah... bad architecture.

lotus notes is pretty good

 

[CyberGoth]

Ok. Just a quick question for the techies out there. I know that internet emails such as yahoo and hotmail are able to be hacked into. However is it possible to have someone break into your Outlook Express email???
www.executive-choice.com

specific answers:

hotmail/yahoo. both are trivial to abuse/hack/spoof/spam
neither has any even slight inkling of privacy. [BEWARE]

outlook:
yes. most macro virii, worms and trojans attack the core structures and libraries of outlook.

all of my clients have banned outlook enterprise wide because of the integrity/privacy/security issues.

AVG Anti Virus is really very GOOD. [thanks to the grrl who pointed it out to me]

suggestion:
use: eudora 5.1 or Lotus NOTES.

[I wont make any foolish assumptions about people learning linux, linux isnt ready enough for the common desktop but DAMN its good in the server room]

hey, has anyone heard from the terbgeeks lately??? they'd probably be good people to ask about this.

Cheers

 

[Cruise]

i dont get it

how did u get this list?

anyways, i think if hotmail is very safe.
if u feel like some one is using ur hotmail.
just change ur password. then noone will be able to get it again. and change the question that ask u when u forgot the password too.

my hotmail password is 12 charater longs. if u can guess, it will probably take longer than 5 mints

Well I migth not be the one to talk about switching from Outlook to another porgram for email. Although I don't really like Outlook express, I do use Outlook XP.

I know a ton of people don't like outlook due to security flaws etc but any program you use is going to have a flaw of some kind.

I use Oulook XP as well as AVG anti-virus ( http://www.grisoft.com) and I also operate my "daily use" computer behind a firewall. The only computer that is directly exposed to the internet is a computer used strictly as a gateway and has no important or relevant data stored on it.

Outlook Xp also filters out attachments that have "unsafe" file extentions this is the list of those from microsoft:

.ade Microsoft Access project extension
.adp Microsoft Access project
.asx Windows Media Audio / Video
.bas Microsoft Visual Basic class module
.bat Batch file
.chm Compiled HTML Help file
.cmd Microsoft Windows NT Command script
.com Microsoft MS-DOS program
.cpl Control Panel extension
.crt Security certificate
.exe Program
.hlp Help file
.hta HTML program
.inf Setup Information
.ins Internet Naming Service
.isp Internet Communication settings
.js JScript file
.jse Jscript Encoded Script file
.lnk Shortcut
.mda Microsoft Access add-in program
.mdb Microsoft Access program
.mde Microsoft Access MDE database
.mdt Microsoft Access workgroup information
.mdw Microsoft Access workgroup information
.mdz Microsoft Access wizard program
.msc Microsoft Common Console document
.msi Microsoft Windows Installer package
.msp Microsoft Windows Installer patch
.mst Microsoft Windows Installer transform; Microsoft Visual Test source file
.ops Office XP settings
.pcd Photo CD image; Microsoft Visual compiled script
.pif Shortcut to MS-DOS program
.prf Microsoft Outlook profile settings
.reg Registration entries
.scf Windows Explorer command
.scr Screen saver
.sct Windows Script Component
.shb Shell Scrap object
.shs Shell Scrap object
.url Internet shortcut
.vb VBScript file
.vbe VBScript Encoded script file
.vbs VBScript file
.wsc Windows Script Component
.wsf Windows Script file
.wsh Windows Script Host Settings file


This "feature" can be turned off if you so choose via a registry hack.

 

[CyberGoth]

the script kiddies [along with anyone who knows what a dictionary attack is] solved those hotmail challenges a long time ago. the russian hacker boards are chock full of this stuff.

once you can do an exploit manually, [or anything pretty much] you can package it up and automate it for convenience.

Threat Model [general internet]
75% [script kiddies]
20% [hackers [new definition not old one]
5% [professionals, indesp types on a payroll]

thats a pretty common threat model for who's hacking yer system most days.

[this does not take into account all those ex-kgb types who are job hunting]

 

[CyberGoth]

or REDHAT LINUX 8

or...

AMIGA

[gods I miss my AMIGA... that was a sweeet little box]

 

[Sasha Jones]

I got the list by doing a search on the internet. Doesn't anyone know how to use google anymore?

Just another reason to buy a Macintosh!

Why does everyone fool themselves into thinking that Microsoft is the only platform that people target and that if they buy a MAC or a Linux box they will be safe?

No this is not another reason to buy a macintosh. It is a reason to stop being lazy and learn how to protect yourself if you are really that worried about being hacked. It is a reason to stop opening every single attachment that comes in your email. If you are too lazy or too computer illiterate to learn how to protect yourself pay someone to do it for you or teach you how. If you can't bother to do that stop complaining.

There is not one OS out there that cannot be hacked by someone. So don't ever be fooled into thinking you are 100% safe. You may minimize your risk by switching to a MAC but trust me there are still little script kiddies out there who pride themselves on being MAC specific. There are "levels" of safe when it comes to computers on the internet ( or computers period for that matter) and 100% is not one of them.

 

[CyberGoth]

rootkits exist for everything.

when I do infosec audits, I test for an average of about 6000 vulnerabilities over 23 different platforms including AS/400s, Cisco IOS, SUN Solaris, etc etc etc etc

microsoft is targeted so often and so hard because Microsoft considers security to be a "marketing and public relations" problem.... not an architectural and operations consideration.

the minute product liability laws apply to software, microsoft [along with ALOT of other software companies] will face massive class action lawsuits for selling dysfunctional, buggy, flaky unreliable systems. [nobody is innocent of THAT]

it takes a while for legislative structures to catch up with technology.

and frankly, a computer is just a tool. [that runs the power grid, the subway trains, the oil infrastructure, the cooling system for the nuclear reactors, .... you get the picture, sometimes theres a modest public safety impact...]

and sasha is right, no system is totally secure. [a bribe can go a long way] hell, some systems should NOT be connected to networks at all. [stand alone finance systems are common for this reason]

just because the PC/MAC/Sun Workstation etc. came with a network adapter, doesnt automatically mean you have to plug something into it]

the most secure document handlling system I have ever seen, consisted of a Pentium 233 clone box, running dos, and word perfect 6.0 and was kept in a locked office and had a power on password that the guy changed every few days.

this guy is a lawyer client of mine. he never plugs anything into a network without thinking about what the risks and benefits are.

Threat Risk Assessment is a formalised practice.

Amateurs hack systems. Professionals hack PEOPLE.