Tag Archives: Hack

Value your identity? Stay away from Yahoo!

Three of my friends had their Facebook account hacked in a span of a month.  How?  Their Yahoo! Mail was hacked.  They all associated their Facebook accounts with their yahoo mail.  My girlfriend is one of them.  I’ve told her many times to avoid using yahoo for anything that she values – e.g. social networking, credit transactions, etc.  Now I don’t have to say “told you so…” for her to learn from that mistake.

I’ve known for a long time that Yahoo is easily hackable.  Heck I can’t even believe that it is TOO EASY! If you have a hacked yahoo account and wanted to purge it of anything – you’d be out of luck.  I tried recovering my girlfriend’s yahoo account thru the same process a hacker can get hold of it.  Go to a Yahoo portal, click ‘Forgot Password’ or ‘Can’t access my account’ and you’re good to go.  That’s how easy it is.  You can just change the password with the steps provided in Yahoo!

Obviously it isn’t good enough to just recover the account and change its password.  I tried deleting her account thru Yahoo’s Delete steps shown here.  So I thought she’s in the clear from the hacker recovering access to her Yahoo account.  Guess what?! After you delete your account Yahoo! shows you this page.

Obviously a hacker can still recover your account within 90-days! What an idiot for Yahoo! to allow such FEATURE!

Obviously a hacker can still recover your account within 90-days! What an idiot for Yahoo! to allow such FEATURE!

I tried logging in with my girlfriend’s account with the wrong password.  And guess again! It doesn’t even make sure that I typed in the password it just asks me to verify if I want to re-active it and voila! I can open it again.  I still have 90-days to RE-ACTIVATE it as what Yahoo! says anyway.  A hacker can practically take over as long as he/she wants if needed…but for the real owner, you’d have no choice but to just wish hard the hacker won’t do more damage than what they already know – limited or not!

So for anyone using Yahoo! keep it for fancy un-important stuff.  Make sure you don’t keep confidential information in it.  I have a Yahoo! account but only for messenger – but I barely use it for important stuff anyway.  You’ve been warned!

P.S. Gmail is rock-solid in recovering passwords and even deleting accounts when the user decides to.  I just created a user in gmail to test it out.  The password recovery facility is so tight you can only recover it through a secondary email.  Deleting a google account will delete it instantly.  I can’t recover it in any way.

Advertisements

iPhone 2.0 Goodness

It’s been ten (10) days since Apple released the official iPhone 2.0 firmware for both the iPhone classic (first generation) and the iPhone 3G. Since then I’ve been waiting for any of the iPhone dev’s to provide us with a tool to hack into the firmware and update my unlocked 1.1.3 iPhone to the current version. I don’t really care for the 3G features for now but must-have upgrades are (a) Push – Exchange and Mobile Me, and (b) App Store.

Yesterday the world got hold of the official Pwnage tool 2.0 from the iPhone Dev team that will unlock the iPhone classic, and jailbreak iPod Touch and the iPhone 3G. I grabbed a copy and updated my firmware in less than 5 minutes. Whew! (It actually took me an hour or so but I was just insisting on a non-issue tweak but the first firmware update took only 5 minutes flawlessly)

I got several apps from the App Store pre-downloaded (all of them are free selections) and loaded to my iPhone. Boom! I like the new apps! Endless possibilities! Even Cydia – the open source installer is there so even unofficial apps outside the App Store can still be available once they are updated for the firmware 2.0.

I’m not that lucky with MobileMe’s push email though. I have a trial account to test it over wifi but it doesn’t seem to cooperate. I don’t get the “push” feature that I had back in my WinMobile days but I’ve read from forums that I’m not alone on this one. Others were lucky – I will try more tonight.

The iPhone Dev team had released a new update just earlier today – Pwnage 2.0.1 that fixes certain issues. I’ve used other tweaks before – e.g. ZiPhone – but I like Pwnage better than anything else. It may not be usable for grandma’s yet but the way it unlocks and jailbreaks iPhone is very intuitive. Now if you’ll excuse me I’ll go back to my phone and find more apps to use 🙂

P.S. Any iPhone user should pick up the Remote application from the App Store.  Very convenient remote for your iTunes or Apple TV