That’s right. I hate to tell you folks, but if you give me 10 seconds alone with your computer I’ll not only get your user name and passwords to every mail box you have set up in Outlook and Outlook Express, but I’ll also be able to see every single login you have saved in your Internet Explorer auto-complete settings.
And I’ll do it all with this tiny little application. Don’t believe it? Fine, download it, unzip it and launch it. You’ll be instantly staring at all of the passwords you’ve ever told Microsoft to remember for you.
If that doesn’t make you paranoid… well, you just aren’t alive. So, what can you do about it?
- Take my previously stated advice of using RoboForm to remember all your passwords.
- Don’t ever, ever, ever allow Internet Explorer to save a password. You also can’t allow Outlook to save a password.
- Immediately download and use a system cleaning utility to erase all that data.
- Strengthen all of your passwords!
- Switch to FireFox or Opera as your main Web browser.
- Switch to Thunderbird for mail reading.
I know I’m beginning to sound like a broken record to my regular readers when it comes to security paranoia, but I’d rather you be safe than sorry. And hey… at least One Man is looking out for you. :-)
Related posts
- How I’d Hack Your Weak PasswordsIf you invited me to try and crack your password, you know the one that you use over and over...
- Tutorial: How-to Recover Windows Login Passwords Windows security is sad. Although most of you have probably already read my article about using strong passwords, even...
- Protect Your Privacy, Delete Internet Usage TracksHere’s a question I received from a reader: Can you recommend a good hard drive sweeper? I need to clean...
- Peel Boiled Eggs in 5 Seconds Flat!This is awesome! It is the most unique egg peeling method I’ve seen. Well, I previously posted this other method,...
- FREE Spam Protection for OutlookHave you noticed that Outlook’s native Spam protection is severely lacking? Well, there is a great little freeware application called...
- Windows Update for FireFox and Opera UsersThere are a lot of people that have migrated to alternative Web browsers such as Firefox and Opera; the problem...
- 5% of Web Sites Will Ruin Your ComputerSecurity conscious techies now have some additional evidence to illustrate the inherent risks posed from surfing the Internet unprotected. According...
LinkedIn
Facebook
Twitter
That’s odd…no mac version. :)
Scary stuff.
How can Microsoft get so much wrong, when much smaller, poorer firms apparently have no such issues?
That Mac comment shows the very weakness that Hackers will exploit when they turn their beady eyes to the Mac…arrogance. The reason Mac users haven’t had to worry about security as much is because there were fewer Mac users around. But with their growth in popularity, they will begin to suffer the same attacks that PC users have suffered. With my Mac friends I use the analogy that it’s like a guy not wearing a condom during sex because he’s never caught any disease in the past. Past experience does not determine future experience. But as long a Mac users keep their noses in the air, they’ll never see the pit they are about to fall into.
Should I not be concerned that my AV had to delete the program, as it classed it as a virus? anyone else had this problem??
Damian,
Your Anti Virus or Anti Spyware program is right to disable this app because it is known to be used maliciously. However, the dangerous form is when this application is installed as payload from a piece of malware.
In other words. It is not dangerous for you to download and run it yourself, but it is dangerous if someone else sneaks it onto your computer (the point I was making exactly). And since your AV program doesn’t know who’s running it, it disables by default.
For more detail see the Computer Associates site here or here.
Still, the larger point is that this is a MAJOR flaw in the password security of the Microsoft product line.
John
http://www.stevengould.org has this which he coded himself. Doesnt show up as virii under NOD32 either. I’d like to see the source code.
Hi ONE MAN…..
my self Rasool, working as a system admin, and i have a lot’s of ideas and plans to do in computing world, and lot’s of doubts too…. i tried to search in the google search engine but i didn’t get any proper answer…… is this right place to ask my doubt……. if yes…. i have one simple question (doubt), how the hacker will try to hack the mails of outlook over internet, means a sender has sent a mail to the second person, the mail which is on the way of internet, at that time how the hacker will got to know this is the mail which he want to hack….. like that….. hope you got my point….. please send me a message as soon as possible… Thanks in ADVANCE…
@Rasool
I think a hacker can not predict when the victim is going to sent a mail..So he have to capture(sniff) all the packets that is being send from victims computer and then reconstruct it to view the mails or any other data..