.Mac security (account hacked)
Mac Enthusiast
Join Date: May 2001
Jul 22, 2005, 05:26 AM
 
Hi,

A friend of mine is getting evidence of someone repeatedly hacking his .mac email; they seem to be leaving messages telling him his password.

I notice the login page is not a secure one. Although it does show a closed padlock graphic on the page itself, the URL is http: etc and Mozilla itself shows an open padlock.

Questions:

1) I'm under the impression that intercepting information entered into a non-secure webpage is a trivial matter. Is this really the case?

2) How are they watching him? Are they watching *his IP* for all activity or are they watching the .mac login page and then picking on him?

3) Is the .mac login page really not a secure page? Perhaps I'm mistaken...

He's using Tiger btw, presumably from one computer.

Thanks!

Simon
Get a free email address at http://www.ippimail.com and support your favorite charity without it costing you a penny. Email for the good guys!
     
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Jul 22, 2005, 05:35 AM
 
That's quite odd. If he's getting emails from people containing his .Mac password, he should contact Apple immediately: (800) 767-2775

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Mac Enthusiast
Join Date: May 2001
Jul 22, 2005, 05:49 AM
 
Originally Posted by Big Mac
That's quite odd. If he's getting emails from people containing his .Mac password, he should contact Apple immediately: (800) 767-2775
Hi,

I suggested this also but it would be good to get a handle on how it's happening in any case. They seem to be dropping messages straight into his mailbox rather than sending email as such, if I have understood the situation correctly...

Simon
     
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Jul 22, 2005, 05:58 AM
 
http://help.apple.com/mac2/1/help/me..._fmset022.html

When you log in, .Mac uses industry-standard SSL encryption to protect the confidentiality of your member name and password.
     
Mac Enthusiast
Join Date: May 2001
Jul 22, 2005, 06:03 AM
 
Originally Posted by TETENAL
http://help.apple.com/mac2/1/help/me..._fmset022.html

When you log in, .Mac uses industry-standard SSL encryption to protect the confidentiality of your member name and password.
Hi,

I did read that which is why I asked question 3).

This is the .mac login page (assuming it works...)
<http://www.mac.com/WebObjects/Welcome.woa/wa/login?rid=05KM5HRdNLlVKExd&wosid=D6fttJy7yvo6X Rlhtzaxr0&aff=consumer&cty=US&lang=en>
Is it really a secure page?

Simon
     
ism
Grizzled Veteran
Join Date: Sep 2001
Jul 22, 2005, 06:59 AM
 
If you view the source you'll see the form post action is https:

<form method="post" action="https://www.mac.com/WebObjects/Webmail.woa/287/wo/b50SNU7C1KOf5JF3mjgFV0/0.0.9.17.1"><table cellpadding="0" cellspacing="0" border="0">

Is it an old .mac account? I.e. from the iDisk era? If the password is the same from then they could only be 6 characters long, so not too hard to guess.
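The check described in the post above (page delivered over http, form action pointing at https) can be automated. This is an added example, not part of the original thread; the function names and verdict strings are assumptions made here, and the `<input>` fields in the sample are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormFinder(HTMLParser):
    """Record the resolved action URL of each form that contains a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current = None   # form currently open, or None
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.current = {"action": urljoin(self.page_url, a.get("action") or ""),
                            "has_password": False}
            self.forms.append(self.current)
        elif tag == "input" and self.current is not None:
            if (a.get("type") or "").lower() == "password":
                self.current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def audit_login_page(page_url, html):
    """Return (action_url, verdict) for every password form on the page."""
    finder = LoginFormFinder(page_url)
    finder.feed(html)
    page_https = urlsplit(page_url).scheme == "https"
    results = []
    for form in finder.forms:
        if not form["has_password"]:
            continue
        if urlsplit(form["action"]).scheme != "https":
            verdict = "cleartext-submit"             # password crosses the network unencrypted
        elif not page_https:
            verdict = "https-submit-from-http-page"  # encrypted POST, but the form arrived unauthenticated
        else:
            verdict = "ok"
        results.append((form["action"], verdict))
    return results

# Page URL and <form> tag are the ones quoted in the thread; the <input> fields are constructed.
SAMPLE_URL = "http://www.mac.com/WebObjects/Welcome.woa/wa/login"
SAMPLE_HTML = """<form method="post" action="https://www.mac.com/WebObjects/Webmail.woa/287/wo/b50SNU7C1KOf5JF3mjgFV0/0.0.9.17.1">
<input type="text" name="username"><input type="password" name="password"></form>"""

if __name__ == "__main__":
    for action, verdict in audit_login_page(SAMPLE_URL, SAMPLE_HTML):
        print(verdict, action)
```

In the `https-submit-from-http-page` case the password is encrypted on submission, but the form markup itself was delivered without authentication, so the browser cannot tell whether the action URL it received is the one the server sent. Serving the login page itself over HTTPS closes that gap.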
     
Mac Enthusiast
Join Date: May 2001
Jul 22, 2005, 07:03 AM
 
Originally Posted by ism
If you view the source you'll see the form post action is https:

<form method="post" action="https://www.mac.com/WebObjects/Webmail.woa/287/wo/b50SNU7C1KOf5JF3mjgFV0/0.0.9.17.1"><table cellpadding="0" cellspacing="0" border="0">

Is it an old .mac account? I.e. from the iDisk era? If the password is the same from then they could only be 6 characters long, so not too hard to guess.
Hi,

Great, that answers the main question.

They aren't just guessing the password. As soon as he realises the account has been breached, my friend changes the PW. The hacker seems to know the new one right away. This seems to have happened several times.

Simon
     
Mac Enthusiast
Join Date: Jul 2005
Jul 22, 2005, 08:54 AM
 
TELL Apple immediately. If the hacker has cracked one account, he may have control over the whole server. Although unlikely, things like this do happen, and Apple needs to know before damage is dealt.
     
Dedicated MacNNer
Join Date: Apr 2003
Jul 22, 2005, 04:10 PM
 
Have him check to see if he has turned on the Firewall in the system preferences. There's a lot of blocking that can be done with that. Have him turn off file sharing also, if it's on.

And definitely report to Apple and post at the .Mac Discussions forum over at Apple. That will get lots of attention for sure.
3.06 iMac, 1 TB HD, 4 G RAM; MBP 2.16G; 250G HD; 1 & 1.5TB/160G FW EHDs; OS X 10.6.4, QT 7.6.6P;
     
Mac Enthusiast
Join Date: May 2001
Jul 22, 2005, 04:19 PM
 
Originally Posted by Old Toad
Have him check to see if he has turned on the Firewall in the system preferences. There's a lot of blocking that can be done with that. Have him turn off file sharing also, if it's on.

And definitely report to Apple and post at the .Mac Discussions forum over at Apple. That will get lots of attention for sure.

I'll pass all this on to him and ask him to make sure Apple are informed.

Thanks guys

Simon
     
   