Things to do to Lower odds of getting Hacked

[WWGD]

Hi all,
Last two weeks, while at a public place, a computer lab actually, my email account was hacked.

The only safety measure I can think of is to restart the computer after logging of. I heard that one
can lock the computer if/when one walks away from it for a few minutes, but I don't know how. I
have a reasonably-strong password ( it is ************ , in case you're curious :) ) and I don't socialize
much in there to have someone guess my account.

What else can I do to increase my account safety?
Thanks.

 

[Greg Bernhardt]

How did you know it was being hacked? Were you on a public computer or your personal laptop?

Logging into secure accounts like email or banking is very dangerous when using public computers.

 

[WWGD]

Hi Greg, I guess I should say I think it was being hacked ;basically some emails disappeared and the computer started acting strange the screen resolution changed and the settings to change it back were locked. I restarted in safe mode and removed some programs, then changed my password and the problem disappeared. :

 

[Greg Bernhardt]

What email service do you use? This was your laptop or public computer? Did you run antivirus and malware scan?

 

[WWGD]

I use outlook/Hotmail. I was in a public computer. And I did run an AV scan.

 

[Greg Bernhardt]

I was in a public computer.

Yeah this is not advised. Public computers are usually riddled with viruses.

If I ever have to login to email using the public computer I do it very quickly. To login I also use a username/password obfuscation technique to prevent easy key logging. Essentially it is typing a few letters in your username and then click over to a random text input box like the search bar and type in a few random characters. Then go back and finish the username. Do that for the password too. That way the keylogger will have more difficulty figuring out what is your real username and password.

ex

username: johnwiller23
password: dw2kd09

If you use my technique, then the keylogger might only see johnk5432dwiller23dw2kfr43rfkgdd09

Also make sure you wait to make sure the system successfully logs you out.

 

[WWGD]

Thanks, I will try that. Does restarting the computer log you off? And does typing Control+Alt+Delete disable (at least temporarily) key logger?

 

[Greg Bernhardt]

Does restarting the computer log you off?

Sometimes. Often there is a "remember me" box where it will auto log you back in.

And does typing Control+Alt+Delete disable (at least temporarily) key logger?

Sort of, but you're also not able to type anything, so what is the point?

 

[Astronuc]

I use outlook/Hotmail. I was in a public computer. And I did run an AV scan.

Don't use a public computer to access personal accounts!

Browsing the internet is fine as long as it does not involve personal information.

Definitely, do not log into PF on a public computer.

Start with the assumption that any public computer, especially one to which one can attach a flash drive, is unsecure.

 

[thankz]

run your computer from the guest account, type mmc in the run box and see what you'll find, you may need a domain controller (win server), I'm not sure what's going on with the latest editions of windows(you need the ULTIMATE version or some such nonsence). it used to be that you could download a hardened template from the nsa for win2k/xp systems and apply the security policy. you may need the win(version?) resource disk for admins to get to the tools in the latest versions of windows, I'm running win7 ultimate and the security policy is under administrative tools in the start menu.

 

[WWGD]

I thought I was relatively safe since I don't have an admin account . I mean , there are a lot of restrictions on what I am allowed to do/download/etc..

 

[B0b-A]

Hi all,
...I have a reasonably-strong password ( it is ************ , in case you're curious :) ) and I don't socialize
much in there to have someone guess my account.

They don't have to guess passwords : it is possible to be redirected to a fake-version of the login-page where you input the password : it's called phishing ... http://en.wikipedia.org/wiki/Phishing#Website_forgery

[ Having said that , in the past Hotmail has been hacked behind-the-scenes, which is not preventable by user ].

 

[StevieTNZ]

I'm confused, your emails caused your personal computer to change monitor resolution (from logging in and possibly having your emails hacked while using a public computer)? How do you view your Hotmail emails on your personal computer? Website or Outlook (the program, not outlook.com) etc.

GData Total Protection (which is what I use) blocks phished websites, as would many other security solutions.

 

[Borg]

I hope that you have changed your passwords from a non-public computer by now.

 

[WWGD]

I hope that you have changed your passwords from a non-public computer by now.

Yes, I did, but , since I suspected someone was reading or getting access to my email messages ( a few of them disappeared), I left a f**** you message before changing it.

 

[harborsparrow]

The number one thing to do to prevent this in the future is stop using Outlook as the email client. From its conception, Microsoft Outlook was born with the ability to allow programs attached to emails to run on a computer, which is a really really bad idea. Typically anti-virus programs will try to prevent this, but they don't always succeed. If you switch to an email client such as Thunderbird, NO program will ever be executed directly from within your email.

There are a few other things you can do as well. If you use Facebook, turn off "apps" in Facebook and keep them turned off. This means you won't be able to logon to other sites using your Facebook logon, and that is a good thing. Use of "apps" in Facebook means you are giving your Facebook logon and password to third-party companies, and you can't guarantee that they won't leak or share that information with hackers. The fact is, most people reuse their logon names and passwords, and so once one of those gets loose in the wild, you become vulnerable in several ways.

The same thing applies to using Twitter or Google logons on third-party sites. Don't do it. Every time you do, your logon information is being more widely shared across the world, and you can't guarantee the good behavior or safe IT practices of all those companies.

Basically, you need an easy set of logon / password combinations for all those third-party sites. Keep that completely separate from your email logons or the logons for any of the major portals providing an email-like service, such as Google, Microsoft, Facebook, Twitter, etc. Keep them separate. Keep them separate. Do not cross-logon. Period.