Online Accounts Hacking
julie_carlson
Chicago Ridge, IL
My live in boyfriend stated that he has a "computer expert" in Chicago "monitoring" an online account I have. It's on a silly site called MyYearbook. I only use it to track my daughter's activities so I don't really care.
What concerns me is that he stated that this expert has the ability to trace, break into and read or manipulate any web based account knowing only the IP address of the computer being used to access the account. In the absence of any keylogger type of programs, is he being truthful? I do my banking online....
Without having my password info, this guy was able to produce a printout of a web based email conversation from my account. I used to work closely with IT, taught classes on pc security, etc. and I am stumped. What steps can I take to protect my privacy? I've already changed passwords to a random alpha numeric format and am very careful about logging out of anything I use.
Sincerely,
Julie
What concerns me is that he stated that this expert has the ability to trace, break into and read or manipulate any web based account knowing only the IP address of the computer being used to access the account. In the absence of any keylogger type of programs, is he being truthful? I do my banking online....
Without having my password info, this guy was able to produce a printout of a web based email conversation from my account. I used to work closely with IT, taught classes on pc security, etc. and I am stumped. What steps can I take to protect my privacy? I've already changed passwords to a random alpha numeric format and am very careful about logging out of anything I use.
Sincerely,
Julie
0
Comments
He could have set your computer up to proxy through another server.
He could just be BSing you.
Knowing a computer IP alone isn't enough info to do specifically what he's saying he can do.
But by the same token if your BF threatening you with this level of crap probably time to boot him to the curb.
A lot of those silly parental control have the ability to send IM conversations and e-mails sent either to or from their children to their mailbox in addition to being sent to whoever was supposed to receive it. Perhaps this expert or your BF is using parental control software to do this.
It seems unlikely that he would be able to do this without installing something on your computer. Did you actually see this printout of your conversation? If you didn't I'm going to call BS. If you did, look closely at it. Does it say that the emails are from you and your friend and to you and your friend? are there any Bcc's or cc's? If there are timestamps, do they match when the conversation took place? What e-mail client do you use?
the best way try to change ur ISP.
Just make sure he's not watching over your shoulder when you're putting your bank info in
Oh...and dump him to the curb. You gotta be atleast a little loopy to say stuff like that to your girlfriend
Your live-in boyfriend is a controlling, manipulative dickhead.
Love,
Brian
Couldn't have said it better myself...
...other than there should be a BIG, HUGE EX in front of boyfriend....
x2 - kick his sorry ass to the curb!!
Primesuspect, where are links for downloading the Pocket Killbox?
Visit a site that has ssh, Such as gmail.com or your banking site (Don't login).
Most tools that allow you to do man in the middle attack by default spoof ssl as well. This makes them easy to detect since the certificates will be invalid.
Also ensure your wifi is secure if you use it. Use at least WPA encryption at a minimum, Don't use something he can guess for the password.
If your wifi is insecure he can literally just show up with his laptop switch his wifi card to monitor mode and listen in on all your traffic that isn't encrypted.
Most likely hes full or shit or put at most put Trojan on your computer.
If your really concerned and the first test was ok, (No error message and the picture of the lock was there).
Format your computer put a fresh install of windows on your computer, Then change all of your passwords, Don't use the same password for everything and don't write it down.
Then dump your boyfriend he clearly has some major issues and should see a psychiatrist or something.
edit: From what you have described it sounds like hes doing a man in the middle attack (probably arp cache poisoning). If the ssl certs are valid, your using a browser that doesn't suck at verifying certificates (Firefox,chrome,IE7+). And the picture of the lock is still there you should be good. There are few ways to have the session between you and the attacker in http and the session from the attacker to the site in https. But you won't have the picture of the lock in the right spot of your screen. (In firefox bottom right of your screen).
For a man in the middle attack he would have to be sitting on your lan either wired or wirelessly. Or he would have to have compromised a host on your lan.
well said. i just booted my batshit crazy gf