I’ve heard that instant messages through AOL/Yahoo/MSN can be read by
hackers that “sniff” the messages leaving my network. Is this true?
Yes.
It’s actually true for all the data that comes and goes on your internet
connection: web pages, emails, instant messaging conversations and more.
Most of the time it simply doesn’t matter. Honest.
On the other hand, there are definitely times and situations when you really
do need to be careful.
]]>
Data traveling on a network such as the internet can be seen by many other machines. Local machines connected via a hub, for example, all see the data being sent to and from all the other machines connected to the same hub. As the data travels across the internet, it actually travels across many devices each of which can “see” the data.
Sounds scary.
The good news is that’s actually pretty hard to find data transmitted to and from a specific machine unless you’re on the same network segment. For example, if you’re connected to the internet via DSL, other machines sharing that DSL connection might watch your traffic, but random machines out on the internet would have an extremely difficult time tracking it down.
It’s not something I worry about much at home.
However, there are scenarios that you should be very aware of.
-
Wireless access points operate much like a hub. Any wireless adapter within range can see all of the network traffic in the area. Visited any open (meaning not WPA-encrypted) wireless hotspots lately? Anyone in the coffee shop or library, or even just outside on the street or a nearby building, could be sniffing your traffic.
-
Hotel or other third-party provided internet connections are also vulnerable, since you have no idea what, or who, is sharing or watching your connection. It’s possible that you’re on a hub, and the room next door or down the hall could be watching your traffic, or it’s possible that the hotel staff themselves are tapped into the internet traffic to and from all the rooms.
-
Landlord-provided internet connections, or those provided by or shared with a roommate or housemate fall into the same category: whomever set it up could very easily be watching the internet traffic going to and from the connection(s) that they provide you.
-
Your connection at work can also easily be monitored by your employer. In fact, the only difference between your employer and a hotel or landlord provided connection is that in most places the employer snooping on your use of their connection is legal, whereas the others typically are not.
So, what to do?
Aside from avoiding the situations listed above where this kind of eavesdropping is not only possible but often downright easy, the answer boils down to encryption of one form or another.
If you can, make sure that your own wireless hotspots are configured to use WPA2 encryption. (WPA if that’s all that’s available. There’s no point in using WEP, as it is trivially cracked.) This way your wireless connection is secure. Even if someone does sniff and see your data going by, all they’ll see is encrypted noise.
If, as in most of the examples above, you do not have control over the wireless connection, and have no control over the actual connection to the ISP, then additional steps are necessary.
As a start, if you’re on the road you might simply wait until you’re home to access sensitive sites like online banking or others.
In terms of technologies to help keep you secure, the list includes:
-
https (as opposed to http) connections are encrypted. Even traveling over unencrypted media like wired connections or open WiFi hotspots, the https protocol securely encrypts the data that is being sent to and from the web site being accessed. In addition, it also provides an additional level of security that the site you think you are connecting to is, in fact, that site. Not all sites support https (Ask Leo! is one such example) but sites that provide you with access to any potentially sensitive information – including your web-based email – should provide an https connection, or should be avoided.
-
Secure email connections should be used with your desktop email programs such as Outlook, Thunderbird, or any program on your computer that uses POP3/IMAP and SMTP. By default most email services have you configure your email connection for downloading your email using unencrypted protocols. Many now offer the ability to specify encrypted equivalents. If you’re in any of the situations above, only encrypted protocols should be used.
-
VPNs or virtual private networks are technologies that can be used to secure your entire internet connection by creating an encrypted “tunnel” to a third party. All of your internet traffic goes to this trusted third party – encrypted – and from there it connects to the rest of the internet. All your internet traffic traveling between you and that third party is safe from sniffing by virtue of being encrypted.
The “third party” might be your place of work, if they offer such a thing, and as noted above, if you trust them. Other alternatives include services like HotSpotVPN which are targeted at folks traveling a lot who make regular use of open public WiFi and other fundamentally unsecure internet connections.
In general, when people ask about the security of their data it falls into one of two broad categories:
Privacy and Security or folks who are concerned that they’re being spied on. My general response is that most of us as individuals just aren’t that interesting, and it is rarely anything to be concerned about.
Opportunistic Theft or situations where someone’s looking not specifically for you or me, but rather for someone who’s allowed their bank, email or other secure information to be available for stealing. By leaving information available out and available to thieves, you can become a victim.
The good news is that the advice and technologies above go a long way to addressing both issues. The bad news, of a sort, is that it’s still your responsibility to make sure that you’re secure and using them appropriately.
(This is an update to an article originally published in February, 2005.)
MY EX EMPLOYER HAS HACKED INTO MY HOME COMPUTER AND PRINTED OFF EMAILS TO HIS OFFICE.
HOW CAN HE GET AWAY WITH THIS, IS THIS NOT AGAINST THE LAW?
THAT IS OPENING SOMEONE’S MAIL AS HE DID ME.
THIS IS TERRIBLE ON HIS PART, HE IS A ROTTEN PERSON TO DO THIS, I WOULD NEVER DO THAT, HAS HE NOTHING BETTER TO DO? WE GOT INTO A FIGHT OVER IT AN I LOST MY JOB. HE PRINTED SOMETHING OFF MY COMOPUTER ON A SUNDAY, WHEN I DO NOT EVEN WORK.
HE STOLE MY PASSWORD AND MONITORED ME FROM HIS OFFICE IS WHAT HE TOLD ME.
If my computer is ‘offline’ but the phone line is still connected, is it possible for a hacker to dial ‘into’ my system?
Not typically, no. You would have to have installed software that would auto-answer the phone. But in general, the answer’s no.
If you were on a LAN with your boss i could see this or on a wifi connect.
If your on a basic 56k dial up i’d say its a trojan or some kind of remote monitoring software.
If i were in your shoes (I wouldnt have been hired by the guy outta fear) Iwould pop in a Knoppix Live CD and go to town on his network and screw with his mind.
Bosses are snoopy and it’s not right if he put some software on your HD to peek on you.
My business requires the emailing of some sinsitive information on a regular basis. I have spoken with my boss and co-workers about all of us using an encripted email system such as mailvault.com but no one seems to think there is a sigificant threat or danger out there to require these extra steps in security. Can you offer any data to help me to convice them that this IS a good idea?
Try this article: http://ask-leo.com/just_how_secure_is_email_anyway.html
I have been hacked and have optimum online dsl service. Is it possible for hackers to retrieve information from my computer even though I shut down?
If your computer is off, then no, it cannot be hacked into.
I am an expert pc user and spend 60 hours a week on my machine and have never had this happen… I turned off my firewall to access a program on my old pc on the home network. I imported a file from c:folder\subfolder. I left the firewall off and left my machine for 7 hours. When I came back all files had disappeared from the folder and were not in the recycle bin. I am the admin account and logged off before I walked away but left the pc running with the firewall off. Did someone hack in and delete all my images. How can I trace down the files or evidence that I was hacked. Lucky for me what’s important is always transferred to cd or dvd and it was backed up.
Recent: While playing AOE on MSN zone, A hacker who didn’t want to lose was able to terminate my DSL connection? How? and what can I do to prevent this or track it?
The simplest is making sure that the connection is “https” from any login screen onward.
leo: my daugher lives with me with have comcast internet–my daugher got on to iam and my space–my ex who lives 6 miles away got hold of her myspace info and iam–does this mean he has hacked into our computer @ home or is he using a software–at that point of him doing this–her passwords userid were changed
is he hacking into our computer and my husband and my info and is this against the law
thanks desparate
if i have a a firewall can people still hack into my pc?
Of course. It’s just MUCH MUCH harder.
what will they be able to do?
Hi,
I read your information written above. I am in a office where 4 other people work and we all use same hub for connecting to internet. One guy is pretty smart and using linux. He said that he can see anyone`s data travelling through net. We are very scraed because of privacy of our emails, bank account etc. How can we stop him seeing that?
Regards,
tea
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Only use encrypted connections. https connections for webmail and
banking for example.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.6 (MingW32)
iD8DBQFF70zpCMEe9B/8oqERAs7oAJ90RiXFbSG0Hx2ecDTFjROML1yizACcDa//
JYex8E6D2matS4OPxMCSp1o=
=CDJy
—–END PGP SIGNATURE—–
Hi,
I have Mcafee Security Center which has been sending me notifications that my name ( both first and last) are being requested when I visit various sites. It also has said my address is being sent, but just my city. It says my exact first and last names are being sent which makes me uneasy. How do I stop this besides just hitting reject all the time?
Are there ways for people on social networking sites (such as myspace) to obtain information about people visiting their site? Thanks for your help.
Fear not, dumb user!
For parent who fear of child chatting with stranger, Child may chat to any stranger, for only one things that a child cannot reveal such information is a link to your place. Feed some fear to your child just how dangerous if involving to give information contact or in meeting can result to happen.
Here’s CNN recording to catch predator;
http://www.google.com/search?hl=en&q=site%3Acnn.com+predator+internet+transcript&btnG=Search
=============
Now for accounts that involve user/password on internet, such as IM, Mail, Myspace or whatsoever.. 1) You forgot to log off when you leave the computer in public such as at library, work, hotel, and other place of computer access to public. ‘hacker’ will play with your account, they may changed the password to keep the account for some reason, to check inside email and find the new other account you have created from any company that you registered (myspace, youtube, acme).. ‘hacker’ may as well go on myspace and click to “forgot password” by filling in email address and wait for popup in email browser.. So, created email account that come with 4 years or so, give hacker assuming that this person’s account have register many other site..
—-
To check if ‘hacker’ is nosy around on your network, This work in most LAN area, the outside of gateway(dsl,modem,cable) does possiable sniffing your datas at the endpoint of server or in route, ‘hackers’ can sniffing datas on the route point to find any interesting datas to use.
To track them down, Type (Ctrl+R) to open the ‘Run dialog box’ and type ‘cmd.exe’ and enter to run console program… type ‘netstat -ab’ to show the ip address and the program running in your system if there’s any other program you find is linking from ip.. Those program is what give ‘hacker’ interest to play with. This program may be a trojan running that you have been exploited in the past..
Start research on google.com to see what does this program is running, just to check if this is a trojan or not..
Another one to check in your traceroute from your computer to a target computer, the target we’ll be using is google.com, on the console, you type ‘tracert google.com’ You will see what is hopping from your computer, it will show something like this,
Your computer –> DSL –> ISP company –> route box –> misc box –> Google Server ….
-========
How to protect your datas,
To talk on line, use ‘ssl’ to secure your line.
To use file transfer, two things to use, encrypt the file by using this program http://www.truecrypt.org/downloads.php
Or compress it into RAR or ZIP and set the password in it to protect files inside compression file…
To surfing on browser, 2 things to protect, Use httpS on port 443,
On google.com, Type in url ‘google.com:443’ This will redirect to ‘https://google.com’
The second is probably not secure but it protect your identify if you don’t want other same ‘hacker’ on the route to sniff the same datas you sent to from point A to point B… You use Proxy
http://www.google.com/search?hl=en&q=proxy+surf&btnG=Search
——-
Fear about your identify, Well, it what you decided to say your name, address to the outside internet is already sitting there and kept as caching on other side of it.. You can’t tell that company to get rid of it.. IT ALREADY OUT THERE… In fact, your information is probably already out there since you have not as a user give out already.. You probably went to agency who work for he company is require to fill your information on their computer.. From that computer, they store information to the server database through the line on internet.. So it is already revealing to the network.. If you have the account to the bank, It is already out there on network.. If you use the library card, it is already out there, Your name, address, phone… If you have registering for a yellow book for your house phone number, it is already out on internet..
Point being, Your identify, don’t spread more information that may led to “hacker’s interest” to take from your… Your name, address, phone number.. What can the ‘hacker’ use them for? Probably nothing.. maybe spaming your mail.. it is possiable.. http://www.google.com/search?hl=en&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=phone+book&spell=1
‘hacker’ can get their database of all person’s name and address and put in ‘hacker program to print’ all papers to sent it out..
All of this seem to be pointless to me.. i guess All I could say to you is to start become a hacker and understand exactly what can hacker do. To be awareness of hacker’s tools can save you some idea just exactly what they use against to..
Protect your box, Use Firewall/IDS/Proxy/Monitor/Sandbox
Google it if you find such term you’re clueless
I have changed my password every two weeks and I still have a hacker getting into my computer and I know who it is and I can’t do nothing about it, so Leo can you please tell me what I can do about these people please?
Data traveling on a network such as the internet can be seen by many other machines. Local machines, connected via a hub, for example, all see the data being sent to and from all the other machines connected to the same hub. As the data travels the internet, it’s quite possible that other machines on the network can also see the data.
someone please answer my question. if i enter a chat room, can the administrator hack into my computer??
i need to know. i broke one of the rules of the chat room and have been banned from the website…but i am anxious that the administrator may hack into my comp because i know he has hacked into the email accounts of some ppl there… please help me..
I notice you say use SSL but I find for instance when I use yahoo, hotmail and even Gmail only the sign in page is secure, when I navigate away from this page, I see that my information is no longer secure, so I was wondering is it safer if I use Outlook express that I see has an option to encrypt messages I am sending, and is the message going to be encrypted all the way until it reaches the sender?
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Actually GMail stays in secure mode if you go to it in secure mode.
https://mail.google.com
Encrypting a message is different, and requires that your recipient have the
ability to decrypt it.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHO8BUCMEe9B/8oqERAhXKAJ0Tp1KPgw8lkZVMGzjdG++peXKEWACeIN5J
ygKs7BVx1jE9m73074mpmns=
=KxGY
—–END PGP SIGNATURE—–
can someone hack my computer and then send emails with IP address of my computer? In other words, can someone use my IP address from a distant computer after hacking my system?
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
That’s exactly what bots do – send email from your machine. Basically if your
machine is infected or hacked, all bets are off – they can do anything.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIFND1CMEe9B/8oqERAv48AKCGbGH1aGzd0P7K14QIeviUpSHjcwCdGSHT
5tY3ReTgcb478Uqe8APedq8=
=Q6uQ
—–END PGP SIGNATURE—–
I have been talking to who I thought was a friend for the past 2 months and then he popped up and said that he wasnt really that person. He was just using his screen name and myspace. But this guy has been sending me my friends pics and information about his work in the military. Is that possible to really be able to have acess to someones whole computer like that?
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Absolutely. If your (real) friend was careless and somehow
let his account information be stolen, this kind of thing
could easily happen. And it does.
That’s why people like me keep harping on keeping your
computer secure, choosing good passwords, and all the other
habits we should develop to stay safe.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIdSGqCMEe9B/8oqERAvicAJ9j1x7DnTdS+nC9Gp0seLOTQnMtFQCfaBRg
bdEUwNYI3ies3G3qQ/SI48M=
=xS3K
—–END PGP SIGNATURE—–
Hi Leo,
I recieved an e-mail where I was selling something on online (Craiglist). By stupid of my part (sorry for the word)I gave the person my address and name. After I did that I noticed that it was an Scam. What the person can do with my name and address?
thank you for your advise.
Tony
Can someone hack into my computer and put a screensaver on my computer?
Does a police officer or police dept. have access to hack into someone’s computer?
-Leo
Me and my roommate are sharing the wireless internet connection(secured WPA- personal).Can my room mate see what I am doing on the internet like I use Skype to talk to my girlfrn,so can he see what we are talking about and can he see the skype video too.If he can,how can I secure it from my roommate.
can some one hack in2 someones else computer throgh a virus ?
13-Oct-2008
I would like to know if there is anyway to check my laptop to know if has a worm or something inside that allows somebody else outside there to receive all the moves I do in my laptop.
There is a very small window that appears and dissapears at the bottom of my machine, where the bar of programs is and shows the applications that are open. This small window that shows and then disappear began to appear like 6 months ago and I am thinking that somebody installed, through an email I received, some kind of application that hacks my emails and also my internet moves.
Is it possible that Norton Antivirus can capture that worm?
Thank you.
Can a hacker steal any files from my computer?
20-Oct-2008
Should I close my e mail before I go out surfing on the net, or does it matter one way or the other?
09-Jan-2009
I’d like to copy and paste things from my Word docs. to, per example – a blog, but am wondering how safe my clipboard is. Can you tell me how attainable the info. saved to my clipboard may be? How much protection is needed?
27-Jan-2009
Dear Leo…Well I’d like to know if there is any possible way for me to know If there is any kind of keylogger or any other spying software installed in my laptop for someone to be able to see everything I do and write?I’ve been trying to check all files and stuff but I know these programs are hard to detect because they aren’t actually visible…Plese help me, what can I do? is there any way for me to find out, and if there is, is there any way I can avoid them and uninstall them? I hope you can answer my question..thank you very much.
How can I tell if the goverment has taken up host on my computer
I have WIFI in my apartment and the whole building connects to the same wifi, which means that we all share the same Network Password. Is Is it possible for others to see my internet trafiic. I don’t mean the ISP. Can anybody else with access to the network intercept my yahoo webcam etc.
17-May-2009
I use a wireless internet connection(secured WPA- personal) and noone other than me knows the password for it. Can anybody/ISP see what I am doing on the internet like I use Skype and Yahoo Msg to talk to my family oversea.Can they hear and see what I do on the skype/Yahoo video. If the answer is yes, can you please tell me how can I secure it from anyone/ISP to get an access to the same.
Hi Leo
Can a hacker see everything that is on your computer system like websites you’ve saved to your favorites?
I work from home and have access to an external system in a call center. I will like to know how much my boss can see on my computer while I’m working. For example, Office, internet, …
Regards, Violetz
14-Nov-2009
Hackers can take what ever they want. Stay away from blue areas ( Porn). Also Stay away from these dating games over the internet (Trouble). Use your computer / lap top for what you bought it for, sending emails to your friends and family. Turn off the internet while you are in your very privite Documents performing work or just writting letters. Also if you want to back up your computer (PC) get a USB port memory flash stick, what you do not see you not control. Do not give your documents, pictures or anything from your computer to any one; To keep for you in case your system crashes: If your system crashes, because you have the CD’S that came with your system, just reload and take the documents and family pictures from your flash stick, or CD’s. You can do it if you try. Mark
My computer is owned by my husband’s business and my email is
provided by his office. I know he reads my email which isn’t exciting but I’d like to enjoy some privacy. Will I have to change my provider to get security?
14-Jan-2010
From time to time — there is a need for my to enter my credit card when I purchase items from Tigerdirect or Amazon. When this occurs I get a message that says the page I am entering on is secure and when I leave that page it tells me I am going to a page that is NOT secure. Assuming I am careful to check for internal programs that “watch” the keys that I type — can a hacker intercept and obtain my credit card number? I should add that I have an unencrypted router for my home network but do not have any “shared” folders other than the one entitled “public”.
“you quote” “https (as opposed to http) connections are encrypted. Even traveling over unencrypted media like wired connections or open WiFi hotspots, the https protocol securely encrypts the data that is being sent to and from the web site being accessed. In addition, it also provides an additional level of security that the site you think you are connecting to is, in fact, that site. Not all sites support https (Ask Leo! is one such example) but sites that provide you with access to any potentially sensitive information – including your web-based email – should provide an https connection, or should be avoided.”
what web based emails are https?
thanks
01-Apr-2010
I’ve read your responses concerning outside access to your computer. How about this. Our system was Networked at one time so that more than one could be hooked up locally with the other.The “Administrator” who put it together, then later disconneced it might now be able to still access (from his home 30 miles away),files or my search history, e-mail? Can I do some type of check to see if he/it is still accessible to him?
if you’re connected to the internet via DSL, other machines sharing that DSL connection with roommate does he have access to watch your traffic or sites you visit? if yes what should we do to protect?
Lately, my internet passwords are becoming scrambled. I am careful about what password I assign to an account, but what I get returned from them as “confirmation” is not what I type in. Can you explain what may be occurring and how to resolve this. Thank You.
Don’t completely let your guard down just because it may be hard for some hackers to spy on you, or maybe you might feel your not important enough… NOT TRUE!
Getting past our 2 firewalls, and our anti-virus software was just the tip of the ice burg for this Back-Door Trojan – Keystroke Virus that sat in all of our networked computers at work and stoled credit card numbers, passwords, social security card numbers, mothers maiden names,bank account numbers and worse…. for how long you ask? We actually have no idea, until we started getting charges to credit cards, paypal and more.
So, after five and a half weeks of changing passwords, canceling credit cards, bank account and …. well, you get the picture we dug ourselves out of the hole we were in.
We did find our security hole 6 months later, as an employee was terminated for viewing porn on a work computer.
Our lesson, never use a computer with valuable or sensitive information on it and communicate with the outside “World – Wide – Web”!
So be safe out there!
could someone possibly write me at my email above and tell me if a hacker could see my data going to and from my computer? it is my private home computer. I sent an email to another email account (gmail) and it never got there. it had an attachment with very important information about my accounts. I’ve checked the address and I sent it to the correct email address but it never arrived. I am sick with worry. do I have reason to be worried and what can I do now. thanks.
I have a wifi notebook. I share a router with my neighbor. He gave me the passcode. I’ve been noticing lately that my computer has been accessing his router, even though I am not on my computer. When I go out of town and take my computer with me, I notice his router has somehow been active on my computer. How is this all possible? And am I being hacked? About a month ago, I was recieving e-mail from old address books from a few of my deleted e-mail accounts.
I beleive my computer has been hacked into by my ex husband. I also have vonage which works
off my high speed internet with Time Warner which means my phone is tapped also. He is helping some other people who I am In a high stakes law suit with so the information I write on my computer and say over the phone gets somehow to the opposing counsul. They also have illegally accessed my discover card pretending to be me and used my bank account to transfer almost $ 5,000.00 out of my checking account so the person or persons doing this have to know all of my personal information. I don’t even know my own new checking account number because I don’t want anyone to be able to do this again however, I know my computer is being hacked. Is there any way I get the hacker out and keep him out? I am desperate. Please HELP!!!!