• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Have I been hacked here?

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    #21
    Thanks Admin. Looks like I should be OK. I do get email from Google when I log in on a previously unknown device. No, there is nothing in the G Drive that granny wouldn't approve of. Thanks again.
    Public Service Posting by the BBC - Bloggs Bulls**t Corp.
    Officially CUK certified - Thick as f**k.

    Comment


      #22
      Originally posted by Lance View Post
      there's some new malware that extracts passwords from your browser. I've not read into it too much yet as been busy.

      https://www.us-cert.gov/ncas/alerts/TA18-201A
      Best to not allow your browser save your passwords for that reason. Lastpass and keypass seem ok free password managers.
      Down with racism. Long live miscegenation!

      Comment


        #23
        Originally posted by NotAllThere View Post
        Best to not allow your browser save your passwords for that reason. Lastpass and keypass seem ok free password managers.
        Oooops...............
        Public Service Posting by the BBC - Bloggs Bulls**t Corp.
        Officially CUK certified - Thick as f**k.

        Comment


          #24
          Originally posted by NotAllThere View Post
          Best to not allow your browser save your passwords for that reason. Lastpass and keypass seem ok free password managers.
          Indeed.
          I downloaded a tool called WebBrowserPassView. It's one of the tools used by the malware I posted.
          I was surprised to see that it slurped, and displayed in clear text, all my browser passwords without challenging me for admin rights. At the very least I'd expected UAC to prompt me.
          Only Edge browser wasn't available for this tool. whether that's due to improved security or the tool not having been altered yet I don't know.


          Not sure about password managers that keep the data in the cloud though. I'm a huge fan of cloud except for storing passwords. I use 1Password as that keeps me in control of the encrypted DB.
          Either way though don't store passwords in the browser....
          See You Next Tuesday

          Comment


            #25
            The desire to watch porn died with my boyish good looks
            Sites do get hacked. Despite my boyish good looks (hmm!) I was looking at xnxx.com a few months back and got a pop up saying I was viewing illegal material, didn't read the rest, just closed the browser. No problems. Pretty sure searching for "fat lesbians" is not illegal.
            bloggoth

            If everything isn't black and white, I say, 'Why the hell not?'
            John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

            Comment


              #26
              Best to not allow your browser save your passwords for that reason
              Indeed. Not a good idea to have it save UIDs or other details either. While I normally use Chrome, for anything sensitive like bank accounts, I use Edge and have it set to always clear all cache etc. Got various protections anyway.
              bloggoth

              If everything isn't black and white, I say, 'Why the hell not?'
              John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

              Comment


                #27
                Originally posted by NotAllThere View Post
                Best to not allow your browser save your passwords for that reason. Lastpass and keypass seem ok free password managers.
                Safari (Mac for the avoidance of doubt, though of course the Windows version vanished years ago) uses the system keychain to save passwords, etc. If you get something on your machine that can crack that then it's game over anyway, not just for you but for Apple's entire range of operating systems.

                So I assume the malware described works for browsers that try to reuse the same password-saving mechanism across platforms, such as Firefox and maybe Chrome.

                Or perhaps it affects IE and/or Edge, though I would have thought they integrate with Windows' equivalent of the system keychain after the manner of MacOS.

                Comment


                  #28
                  I could be wrong and talking complete balls. But I'm sure when I installed LastPass it imported my login/passwords from my browser. I remember thinking that doesn't seem very secure.

                  It could just be one of those cool story bro moments though.

                  Comment


                    #29
                    Originally posted by woohoo View Post
                    I could be wrong and talking complete balls. But I'm sure when I installed LastPass it imported my login/passwords from my browser. I remember thinking that doesn't seem very secure.

                    It could just be one of those cool story bro moments though.
                    Cool story bro..
                    'CUK forum personality of 2011 - Winner - Yes really!!!!

                    Comment


                      #30
                      Originally posted by woohoo View Post
                      I could be wrong and talking complete balls. But I'm sure when I installed LastPass it imported my login/passwords from my browser. I remember thinking that doesn't seem very secure.

                      It could just be one of those cool story bro moments though.
                      Exactly:
                      https://www.theverge.com/2017/3/22/1...flaw-passwords

                      And just for giggles:
                      https://www.securityweek.com/macos-h...in-access-flaw


                      If it isn't nailed down, somebody's gonna nab it.
                      Don't believe it, until you see it!

                      Comment

                      Working...
                      X