Welcome to the MacNN Forums.

Back-to-Mac · Jan 5, 2004, 02:51 PM

I was chatting to a colleague a lunch today and she mentioned that her AOL account was hacked into as someone found her password using her AOL screen name. How can this be possible?

Millennium · Jan 5, 2004, 03:13 PM

There are two major possibilities.

It's possible that someone posing as AOL staff tricked her into simply telling him (or her, as the case may be) her password. This process is commonly called 'phishing' by most of the people who do it ("social engineering" is used by most others) and is still surprisingly effective even though AOL plasters "AOL Staff will never ask you for your password" all over e-mail and IM windows.

The other possibility is that someone simply guessed it. This isn't always as hard as it sounds. You'd be surprised how many people use their own names (or worse, their own screennames) as passwords. Worst of all, though, are the ones who simply use 'password' as their password. You'd be surprised how many people actually do this.

Nivag · Jan 5, 2004, 03:19 PM

the other popular password system admins use is 'god' - which is funny cause it Delusions of Grandeur backwards as a acronym.

residentEvil · Jan 5, 2004, 03:27 PM

any systems i've been part of (mostly vms clusters) there is a minimum password length, and a dictionary. god would never be accepted. nor would password. password1 would work though, as that isn't a word in a dictionary.

but if you are the head cheese in charge of the clusters, once you set the password the correct way, just hop into sysuaf and change it to whatever you want, like god fo example. but then, you are stupid and shouldn't be in a position to do so.

also, found many many vms machines out there where the sysadmin didn't turn of the field service account (or change the password at the very least). idiots.

Spheric Harlot · Jan 5, 2004, 03:31 PM

Originally posted by residentEvil:
but if you are the head cheese in charge of the clusters...

"head cheese".

eww.

Sherwin · Jan 5, 2004, 03:33 PM

Originally posted by Millennium:
There are two major possibilities.

Three.

A guy here in the UK recently wrote into a newspaper moaning that his account had been "hacked" because he kept seeing e-mail which he'd never sent being returned to him. Someone explained that anyone can forge an email to make it look like it came from his account.

So has she actually been hacked, or just doesn't understand how spammers do things? She's on AOL, so I suspect that she's not the most Internet-savvy person alive (no disrespect). This could be the case.

MindFad · Jan 5, 2004, 03:33 PM

Originally posted by Spheric Harlot:
"head cheese".

eww.

dude

macvillage.net · Jan 5, 2004, 04:19 PM

AOL Passwords are transmitted as plain text.

There is floodcontrol in place, so I don't think brute force would be to effective.

I'd guess that someone just guessed it, or watched your friend type it in (or used it in a terminal where AIM was set to "save password"). Something along those lines.

Either way, I would call:
800-827-6364.

to get it resolved.

wataru · Jan 5, 2004, 04:40 PM

Originally posted by MindFad:
dude

sweet!

dillerX · Jan 5, 2004, 06:17 PM

Originally posted by wataru:
sweet!

Does your truck have a Hemi?

residentEvil · Jan 6, 2004, 07:43 AM

can i have my order?