GoFuckYourself.com - Adult Webmaster Forum - View Single Post - my oldest gmail hacked 1st time in 5 years

BradBreakfast · 04-25-2011, 09:26 PM

YOU GUYS AREN'T USING INTERNET EXPLORER ARE YOU?

My guess.... Drive-by download keylogger: If you had activated Google Authenticator as soon as it became available [Like I Did], which is free BTW and ran an Intrusion Prevention System such as ThreatFire (also free) ... this wouldn't of happened.

Threatfire protects against known and 0day exploits: http://www.threatfire.com/

Google Authenticator: 2 factor login: http://www.google.com/support/accoun...opic=105628 4

Sometimes Threatfire will alert on false positives, like your web browser and instant messaging program as there is a short training period. (Just look at the .exe trying to communicate with the network and you should be able to tell if it's legit (firefox.exe, icq.exe) or non-legit (ufygsdft.exe, pornodownloder.exe).

When you browse "fucked up websites" use a sandboxing program such as SandBoxie to load a sand-boxed browser that loads in a secure, virtual environment.

http://www.sandboxie.com/ or a HIPS (Host Intrusion Prevention System) such as DefenseWall: http://www.softsphere.com/programs/

But who said you were attacked by a Windows trojan? What if it was a trojan horse on your mobile smartphone you downloaded from a non-legit "app store"... unlikely but that's also an attack vector. #JustSayin'

04-25-2011, 09:26 PM
BradBreakfast Confirmed User Join Date: Feb 2008 Posts: 415	YOU GUYS AREN'T USING INTERNET EXPLORER ARE YOU? My guess.... Drive-by download keylogger: If you had activated Google Authenticator as soon as it became available [Like I Did], which is free BTW and ran an Intrusion Prevention System such as ThreatFire (also free) ... this wouldn't of happened. Threatfire protects against known and 0day exploits: http://www.threatfire.com/ Google Authenticator: 2 factor login: http://www.google.com/support/accoun...opic=105628 4 Sometimes Threatfire will alert on false positives, like your web browser and instant messaging program as there is a short training period. (Just look at the .exe trying to communicate with the network and you should be able to tell if it's legit (firefox.exe, icq.exe) or non-legit (ufygsdft.exe, pornodownloder.exe). When you browse "fucked up websites" use a sandboxing program such as SandBoxie to load a sand-boxed browser that loads in a secure, virtual environment. http://www.sandboxie.com/ or a HIPS (Host Intrusion Prevention System) such as DefenseWall: http://www.softsphere.com/programs/ But who said you were attacked by a Windows trojan? What if it was a trojan horse on your mobile smartphone you downloaded from a non-legit "app store"... unlikely but that's also an attack vector. #JustSayin' Last edited by BradBreakfast; 04-25-2011 at 09:35 PM..