Re: Cyber Thieves Steal Entire E-Mail Accounts

[Nick FitzGerald <nick () virus-l demon co uk>]

Fergie wrote:

> WBAL-TV 11 News I-Team reporter Mindy Basara said criminals are
> stealing e-mail accounts and...
<<snip>>
> Lisl Moyer spent hours trying to undo a mistake she said she wouldn't
> make again. She accessed her Hotmail account on a public computer and
> believes she forgot to log out. The next time she tried to log onto
> Hotmail, she couldn't because her password had been changed.

Interesting how this story _entirely_ missed the possibility that she 
did, in fact, log out of Hotmail and was simply the victim of a 
keylogger.  What depth of reporting...

> "They had changed my secret question," Moyer said. "How they changed my
> secret question, I have no idea."

And again, understanding this is far from rocket science.  OK, so the 
poor victim doesn't understand that "never tell anyone your password" 
means just that, at least partly because your username is quasi-public 
(being in your Email address) and once someone also knows your password 
to the system they effectively _are_ you.  Clearly with the victim not 
understanding this, I'd have thought it a rather important fact to 
point out in the story so it actually had some useful content beyond 
its current largely scare value.

Mindy Basara does have good teeth and high cheek bones though:

   http://www.thewbalchannel.com/2005/0906/4938541_320X240.jpg

so I guess her journalistic credentials are beyond reproach...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.