How to Check If Your Account is Hacked..!
-
I found this article. http://www.windowstalk.org/2011/11/how-to-check-if-your-account-is-hacked/[^]
-
I found this article. http://www.windowstalk.org/2011/11/how-to-check-if-your-account-is-hacked/[^]
You've got to be kidding. Give some dodgy site your credentials to see if it knows your account is hacked? That is the hack. Okay. I took a look at the site, and it does give the option of submitting your credentials using a SHA-512 hash instead of in plain text. I've changed my initial 1 vote on the post to a 3. I still don't think it's a good idea, on general principles.
Software Zen:
delete this; -
You've got to be kidding. Give some dodgy site your credentials to see if it knows your account is hacked? That is the hack. Okay. I took a look at the site, and it does give the option of submitting your credentials using a SHA-512 hash instead of in plain text. I've changed my initial 1 vote on the post to a 3. I still don't think it's a good idea, on general principles.
Software Zen:
delete this;You don't have to give them your credentials. You can pass them an SHA-512 hash of your username or email address and they will check the list of usernames/emails they have harvested from the underground site flogging these lists. They can't exactly do much with that info can they.........direct link is to: https://pwnedlist.com/[^]
Dave Find Me On: Web|Facebook|Twitter|LinkedIn
Folding Stats: Team CodeProject
-
You don't have to give them your credentials. You can pass them an SHA-512 hash of your username or email address and they will check the list of usernames/emails they have harvested from the underground site flogging these lists. They can't exactly do much with that info can they.........direct link is to: https://pwnedlist.com/[^]
Dave Find Me On: Web|Facebook|Twitter|LinkedIn
Folding Stats: Team CodeProject
This sort of post normally raises an eye brow or two, but the pwnlist site could actually be useful! Yet I still hesitate to put my email in, anything related to warez or its affiliates I stay well away from...
-
You've got to be kidding. Give some dodgy site your credentials to see if it knows your account is hacked? That is the hack. Okay. I took a look at the site, and it does give the option of submitting your credentials using a SHA-512 hash instead of in plain text. I've changed my initial 1 vote on the post to a 3. I still don't think it's a good idea, on general principles.
Software Zen:
delete this;Gary R. Wheeler wrote:
I still don't think it's a good idea, on general principles.
Yeah, what we really want for a site like that is for it to be run by a "reputable" name that we "trust" like say Facebook? :rolleyes:
Regards, Nish
My technology blog: voidnish.wordpress.com You've gotta read this : Using lambdas - C++ vs. C# vs. C++/CX vs. C++/CLI
-
Gary R. Wheeler wrote:
I still don't think it's a good idea, on general principles.
Yeah, what we really want for a site like that is for it to be run by a "reputable" name that we "trust" like say Facebook? :rolleyes:
Regards, Nish
My technology blog: voidnish.wordpress.com You've gotta read this : Using lambdas - C++ vs. C# vs. C++/CX vs. C++/CLI
-
This sort of post normally raises an eye brow or two, but the pwnlist site could actually be useful! Yet I still hesitate to put my email in, anything related to warez or its affiliates I stay well away from...
Nothing good will come from this, as an account can be comprimised in a variety of ways, which normally is almost impossible to tell (keyloggers and such). A good way to tell is using NETSTAT /bfo, which requires elevation in Win7. You can see what processes are running, which ports they're using, and the process ID. My favorite is the PC clean or refresh utilities like this little gem. Clickety[^] They're absolute rubbish and usually contain mal-ware infections. Some of these little bastard programs even have commercials(USA). WMI's is a more proper term I suppose, Weapons of Mass Ignorance that is...
Something clever...
-
Nothing good will come from this, as an account can be comprimised in a variety of ways, which normally is almost impossible to tell (keyloggers and such). A good way to tell is using NETSTAT /bfo, which requires elevation in Win7. You can see what processes are running, which ports they're using, and the process ID. My favorite is the PC clean or refresh utilities like this little gem. Clickety[^] They're absolute rubbish and usually contain mal-ware infections. Some of these little bastard programs even have commercials(USA). WMI's is a more proper term I suppose, Weapons of Mass Ignorance that is...
Something clever...
I think you are missing the point of the site. You supply your login name or an email address or a hash of either of them. They scan a list of account credentials that they have obtained through the underground sites that exchange/trade these stolen credentials. These could be for facebook, twitter, codeproject, google etc. etc. If you get a positive hit, then it would be highly advisable to login to the site where your credentials have been obtained for and change your passwords potentially before someone else makes use of the account details and starts hijacking.
Dave Find Me On: Web|Facebook|Twitter|LinkedIn
Folding Stats: Team CodeProject
-
I think you are missing the point of the site. You supply your login name or an email address or a hash of either of them. They scan a list of account credentials that they have obtained through the underground sites that exchange/trade these stolen credentials. These could be for facebook, twitter, codeproject, google etc. etc. If you get a positive hit, then it would be highly advisable to login to the site where your credentials have been obtained for and change your passwords potentially before someone else makes use of the account details and starts hijacking.
Dave Find Me On: Web|Facebook|Twitter|LinkedIn
Folding Stats: Team CodeProject
Perhaps I should have explained myself better. By favorite I meant it with heavy sarcasm, sorry! :laugh: Yes I understand what the point of the site is, what it offers, and what a positive result of their search entails. What I find ignorant about it is that it's just a compiled list of known breached customer data, which most companies will already have notified you of your data was compromised. Albeit, I also understand that some companies do not report this information to their customers also. Other than being a part of this list, how can they verify that an your account has been hacked? Few things I find fishy are; By entering a common username and email in short concession could leave you open to abuse imo. Is that by entering an email address for the search, you could be giving spammers a known email address to add to their list. It also could tie said email to your current IP address, which makes hacking into someone's account easier when you know where to look for information. This is where I based my original comment about it. These kind of free "help" programs remind me of some utilities that I run into with end users, which they have downloaded on their machines to make it "perform better" have been the cause of much trouble. I was simply trying to convey the idiocy behind some of this crap that floats around the net.