
Re: [tor-talk] Email provider for privacy-minded folk

On Mon, 18 Feb 2013 23:51:58 -0700
Jim <Jimmymac@xxxxxxxxxx> wrote:

> Mysterious Flyer wrote:
> > Ummmmm.  I am the REAL mysteriousflyer@xxxxxxxxxx  I guess it's super-duper easy for a person's user names and passwords to get hacked when accessing e-mail over Tor.  I also noticed that someone has been reading my gmails (since they were marked as read), so I changed my password over there and will never access gmail through Tor again.  Someone ALSO made a copy of my debit card and tried to use it in another state, but that may be coincidence.  Does anyone have any knowledge as to HOW a hacker may get this information?  Is it through an exit server?  
> Joe Btfsplk already discussed the ability of exit nodes to sniff 
> unencrypted traffic.  I would also point out that the attacker didn't
> necessarily use Tor to crack your email account(s).
> Just as a data point which may or may not be relevant for your case,
> last year I advised *two* friends that I suspected their email accts
> had been compromised.  I was getting spam under their user names.  While 
> I am aware that it is trivial to spoof "From" addresses, in both cases 
> there were details about the emails that made me suspect they came from 
> the actual accts rather than merely spoofed headers.  In both cases my 
> friends checked and indeed their accts. had been compromised.  Neither 
> person had any idea how their acct. got compromised and I am reasonably 
> sure neither had ever used Tor.  Both swore they had not been phished. 
> One had a Hotmail acct. and I think the other used mail.com.  

Both Hotmail and Yahoo have had worms circulating for a year or so that propagate via their logged-in account; it is triggered by opening a malicious email.  Also, many passwords are easy to guess based on info in people's linked social media accounts or even just commonly used passwords.
In all cases it is advisable to change the account password, ensure your operating system and browser are up to date, and engage some sort of JavaScript safety checks (such as NoScript).  Sadly, there are few HTML-only JavaScript-free webmail sites anymore.

Yahoo's answer page if your account is sending spam:

> My point 
> is that attacks against email accts. w/o using Tor to do it are
> apparently commonplace, something that seems to be confirmed in that
> "Abuse at Scale" PDF that a Google employee linked to from this list a
> while back.