ChatterBank6 mins ago
Hacking
4 Answers
An email address was hacked, presumably, and the addresses in the contact folder were used to send malicious emails.
The computer had been turned off for 9 days so how can someone get into an email and also the contacts?
The computer had been turned off for 9 days so how can someone get into an email and also the contacts?
Answers
Best Answer
No best answer has yet been selected by llamekuf. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.How do you access your email? If it's through an email client (such as Outlook Express, Windows Live Mail or Thunderbird) your contacts list is stored on your computer, but if you used a web-based system (accessing your mail through a browser such as Internet Explorer, Firefox or Chrome) your contacts list isn't on your computer; it's on the server of your email provider. Perhaps that's what was hacked?
Email Hacking can be achieved by the following listed methods below:
Here are top 10 attacks that are now been used by almost every hacker in the world.
1. DDOS ATTACK – DISTRIBUTED DENIAL OF SERVICE ATTACK
DDoS, or Distributed Denial of Services, is where a server or a machine’s services are made unavailable to its users.
And when the system is offline, the hacker proceeds to either compromise the entire website or a specific function of a website to their own advantage.
It’s kind of like having your car stolen when you really need to get somewhere fast.
The usual agenda of a DDoS campaign is to temporarily interrupt or completely take down a successfully running system.
The most common example of a DDoS attack could be sending tons of URL requests to a website or a webpage in a very small amount of time. This causes bottlenecking at the server side because the CPU just ran out of resources.
Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers.
[maxbutton id=”1″]
2. REMOTE CODE EXECUTION ATTACKS
A Remote Code Execution attack is a result of either server side or client side security weaknesses.
Vulnerable components may include libraries, remote directories on a server that haven’t been monitored, frameworks, and other software modules that run on the basis of authenticated user access. Applications that use these components are always under attack through things like scripts, malware, and small command lines that extract information.
The following vulnerable components were downloaded 22 million times in 2011:
Apache CXF Authentication Bypass (http://cve.mitre.org/cgi-bin/cve...)
By failing to provide an identity token, attackers could invoke any web service with full permission.
3. CROSS SITE REQUEST FORGERY ATTACKS
A Cross Site Request Forgery Attack happens when a user is logged into a session (or account) and a hacker uses this opportunity to send them a forged HTTP request to collect their cookie information.
In most cases, the cookie remains valid as long as the user or the attacker stays logged into the account. This is why websites ask you to log out of your account when you’re finished – it will expire the session immediately.
In other cases, once the user’s browser session is compromised, the hacker can generate requests to the application that will not be able to differentiate between a valid user and a hacker.
A CROSS SITE ATTACK EXAMPLES
Here’s an example:
http:// example .com/ap p/trans ferF...
In this case the hacker creates a request that will transfer money from a user’s account, and then embeds this attack in an image request or iframe stored on various sites under the attacker’s control.
4. SYMLINKING – AN INSIDER ATTACK
A symlink is basically a special file that “points to” a hard link on a mounted file system. A symlinking attack occurs when a hacker positions the symlink in such a way that the user or application that access the endpoint thinks they’re accessing the right file when they’re really not.
If the endpoint file is an output, the consequence of the symlink attack is that it could be modified instead of the file at the intended location. Modifications to the endpoint file could include appending, overwriting, corrupting, or even changing permissions.
In different variations of a symlinking attack a hacker may be able to control the changes to a file, grant themselves advanced access, insert false information, expose sensitive information or corrupt or destroy vital system or application files.
5. SOCIAL ENGINEERING ATTACKS
A social engineering attack is not technically a “hack”.
Contact via [email protected] for personal tutorials on hacking.
Here are top 10 attacks that are now been used by almost every hacker in the world.
1. DDOS ATTACK – DISTRIBUTED DENIAL OF SERVICE ATTACK
DDoS, or Distributed Denial of Services, is where a server or a machine’s services are made unavailable to its users.
And when the system is offline, the hacker proceeds to either compromise the entire website or a specific function of a website to their own advantage.
It’s kind of like having your car stolen when you really need to get somewhere fast.
The usual agenda of a DDoS campaign is to temporarily interrupt or completely take down a successfully running system.
The most common example of a DDoS attack could be sending tons of URL requests to a website or a webpage in a very small amount of time. This causes bottlenecking at the server side because the CPU just ran out of resources.
Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers.
[maxbutton id=”1″]
2. REMOTE CODE EXECUTION ATTACKS
A Remote Code Execution attack is a result of either server side or client side security weaknesses.
Vulnerable components may include libraries, remote directories on a server that haven’t been monitored, frameworks, and other software modules that run on the basis of authenticated user access. Applications that use these components are always under attack through things like scripts, malware, and small command lines that extract information.
The following vulnerable components were downloaded 22 million times in 2011:
Apache CXF Authentication Bypass (http://cve.mitre.org/cgi-bin/cve...)
By failing to provide an identity token, attackers could invoke any web service with full permission.
3. CROSS SITE REQUEST FORGERY ATTACKS
A Cross Site Request Forgery Attack happens when a user is logged into a session (or account) and a hacker uses this opportunity to send them a forged HTTP request to collect their cookie information.
In most cases, the cookie remains valid as long as the user or the attacker stays logged into the account. This is why websites ask you to log out of your account when you’re finished – it will expire the session immediately.
In other cases, once the user’s browser session is compromised, the hacker can generate requests to the application that will not be able to differentiate between a valid user and a hacker.
A CROSS SITE ATTACK EXAMPLES
Here’s an example:
http://
In this case the hacker creates a request that will transfer money from a user’s account, and then embeds this attack in an image request or iframe stored on various sites under the attacker’s control.
4. SYMLINKING – AN INSIDER ATTACK
A symlink is basically a special file that “points to” a hard link on a mounted file system. A symlinking attack occurs when a hacker positions the symlink in such a way that the user or application that access the endpoint thinks they’re accessing the right file when they’re really not.
If the endpoint file is an output, the consequence of the symlink attack is that it could be modified instead of the file at the intended location. Modifications to the endpoint file could include appending, overwriting, corrupting, or even changing permissions.
In different variations of a symlinking attack a hacker may be able to control the changes to a file, grant themselves advanced access, insert false information, expose sensitive information or corrupt or destroy vital system or application files.
5. SOCIAL ENGINEERING ATTACKS
A social engineering attack is not technically a “hack”.
Contact via [email protected] for personal tutorials on hacking.