  1. #1
    New Lounger
    Join Date
    Jul 2002
    Posts
    5
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Wireless Hotspot compromised

    Hi all
    While on holiday in Turkey I used a local bar's wireless hotspot. On returning home I noticed that an email had been sent from my BT Yahoo email account to everyone in my address book. I know it was sent from my account because it is in my sent items. The email has the subject of "More Happines" and the email is below. No more emails like this were sent before or after while using this hotspot.
    hi friend
    i introduced a good friend to you
    they sell thousands of new original electrical products
    such as phones computers tvs ....
    <ele2006.net>
    hope you like it , and make friends with them too
    regards

    I have checked my laptop for viruses and use Microsoft Security Essentials and also scanned my laptop with Malwarebytes.

    I would like to know how they did this and how I can prevent them doing it again, as I will need to use the same hotspot in the future.
    Regards Kelvin

  2. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Having a S/W firewall with inbound and outbound protection enabled might stop your PC from sending Spam to your contacts. I use the Online Armor++ S/W firewall. Keeping everything updated and booting to safe mode without networking to find the nasties may help. I believe some of these nasties actually corrupt the security apps, so having a clean copy of Malwarebytes, etc, on a flash drive may help to clean your PC.

    Once cleaned, creating Images, and recreating new Images when changes are made to your system, will help to restore to a clean system if you do get infected again.

    I like the multilayer approach to security. I have to admit, I have never used any hotspots outside the US, so unsure what you might have experienced. My security includes:

    All apps and OS kept up to date with updates

    MSE running in real time (remember no AV/AM app can catch everything, esp. new threats)

    S/W Firewall as indicated above.

    H/W firewall on my router (this will probably be unavailable in your environment, but who knows)

    I always clean all web surfing history and cookies upon exit, and regularly use CCleaner to clear temp. stuff.

    I use Last Pass to store passwords, auto fill stuff, etc. so I do not have to type passwords.

    I hope this helps you. Good luck.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    It's likely that they simply caught your server and authentication info since it is sent over the wireless network in an unencrypted way. One way to prevent it, if that is the case, would simply be to change your login details to the account, making sure you use a hard to guess password and checking that, if there are mechanisms for you to recover access to the account, such as an alternate email address, that they keep the data you originally set. Also, if you have stuff like security questions and such, better change them too.

    Accessing wireless networks in such unsafe surroundings is always risky. Using a VPN, which uses encryption, is always recommended when using a non trusted wireless network. There are (paid) services that allow you to use a VPN, which may be worthwhile if you expect to be using your laptop in similar circumstances.
    Last edited by ruirib; 2011-09-08 at 06:33.

  4. #4
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    I agree with ruirib.

    BT Yahoo is a Webmail service, so it is highly likely your login credentials were sniffed off the public access WiFi.

    If you haven't done so already, change your BT Yahoo login password. Then consider if you use the same password on any other sites. Re-use of the same compromised password could lead to a further break-in to other accounts.

    Specifically, if you use the same password for online banking, Paypal, eBay etc, take immediate steps to verify your accounts are untouched and secure.

    Then change the password on any other accounts that used the same password and consider the use of random password generators.

    If you absolutely must use the same WiFi access point in future, use a VPN as ruirib suggests. To be honest I would avoid that access point like the plague - next time, they may mount a much more aggressive attack on your machine rather than simply sniff the data over the air.
    Last edited by Tinto Tech; 2011-09-08 at 11:40. Reason: Clarification in last paragraph.

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Your account was used only while you were at the hotspot?

    Some sites cloak your login using SSL, but then have you continue to use the site without SSL. Because the rest of your session is not secured, a third party in the range of the hotspot can impersonate you in your active session even without knowing your true password simply by mimicking your session credentials. Apparently this is not rocket science: remember the furor over the "Firesheep" add-on?

    Many sites allow you to force your entire session to SSL; look for that option. If Yahoo mail doesn't have that option, first, complain, and second, look for one of the add-ons that forces SSL.

    More info: Cloak your connection to foil Firesheep snoopers.
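
The gap described in post #5 (login over SSL, then a session that carries on in plaintext) shows up in the response headers of the login flow. The check below is an added example, not part of the original thread: it audits a list of responses for session cookies set without the `Secure` attribute and for HTTPS pages that redirect to plain HTTP. The hostnames, cookie names and the `CAPTURED` sample are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: responses seen during a webmail login (hypothetical hosts).
CAPTURED = [
    ("https://login.mail.example/auth", {
        "Set-Cookie": ["SID=constructed-value; Path=/; HttpOnly"],
        "Location": "http://mail.example/inbox",
    }),
    ("http://mail.example/inbox", {
        "Set-Cookie": ["PREFS=lang-en; Path=/"],
    }),
    ("https://secure.example/home", {
        "Set-Cookie": ["SID=constructed-value; Path=/; Secure; HttpOnly"],
    }),
]

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def audit(responses):
    """Return (url, issue) pairs for anything that exposes the session in plaintext."""
    findings = []
    for url, headers in responses:
        scheme = urlsplit(url).scheme
        if scheme != "https":
            findings.append((url, "page served without TLS"))
        for sc in headers.get("Set-Cookie", []):
            name, attrs = cookie_attrs(sc)
            # Without Secure, the browser also sends this cookie over http://
            if "secure" not in attrs:
                findings.append((url, f"cookie {name} lacks Secure attribute"))
        loc = headers.get("Location")
        # Login was encrypted, but the session continues on plain HTTP.
        if scheme == "https" and loc and urlsplit(loc).scheme == "http":
            findings.append((url, f"HTTPS response redirects to plaintext {loc}"))
    return findings

if __name__ == "__main__":
    for url, issue in audit(CAPTURED):
        print(f"{url}: {issue}")
```

A site that passes this check sets every session cookie with `Secure` and never leaves HTTPS after login, which is what forcing the whole session to SSL achieves.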

  6. #6
    New Lounger
    Join Date
    Jul 2002
    Posts
    5
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks Guys. Yahoo mail does not seem to have an SSL option so I guess my only option is to look at VPN. Has anyone got links that will help me, but in simple terms, and also a service that is cheap or pay-as-you-go, as I would only need it 4 times a year? Also, are there risks in using an iPad in this sort of situation?

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote: Originally Posted by kelvinmc
    Thanks Guys Yahoo mail does not seem to have an SSL option so I guess my only option is to look at VPN
    Recent thread on that: Best VPN Service?

    Edit: By the way, someone has said if you just add an s after http (i.e., https://) then Yahoo will stay in a secure session. (how do I force HTTPS: with yahoo mail) Haven't tried it myself.

    Edit #2: Okay, tested that, and it works but the certificate isn't valid for the server name I'm using, so perhaps that's why Yahoo doesn't do it automatically.
    Last edited by jscher2000; 2011-09-08 at 15:01. Reason: Added note.
