HACKED! How to protect yourself
Maqsud Sobhani
Salam alaikum,
We have received threats in the past and not so distant past that our group islamicminds may be deleted. I am sure you have heard similar things about your groups as well.
These people and their friends were involved in deleting other groups in the past. They deleted groups such as islam_in_yaho-o, islamtoall. These are so called Muslims but those who think they are the only one in the right path and every other Muslim is either Mushrik or Kafir. Therefore they feel absolutely no remorse or guilt of their actions.
We have taken extra ordinary precaution after consulting with some network security experts and other people. Rest is up to Allah. If our group does get deleted, then there is not much we can do except that Allah will judge between us in the hereafter.
There are several ways a hacker can try to delete a group. But before they can delete they will have to get access to the owner yahoo IDs password. We have spent countless hours in trying to figure out the ways one can hack your account and figuring out best ways you can protect yourself from such a hacker. Whether you are an owner of a yahoo group or not, all of us are owner of our own yahoo ids. Everything that has a yahoo ID will find the following information beneficial. I know many people, including myself, who have lost their yahoo ids to hackers.
Below we will discuss 3 ways one can hack into your account and possible solutions. The suggestions are based on professional help as well as our own research.
Method one:
One can directly try to hack into your account, whether by guessing or using some program to figure out your password. Believe it or not, this is the most difficult way to get password.
This process is called brute force attack.
However, yahoo has a very tedious login process that does 3-tier checking making any brute-force attack unsuccessful (almost).
How to protect:
Make your password mixed case with numbers and special char with 8-12 characters, there is no way of hacking into it. You can make it longer up to 20.
For example: John12*BIG, [EMAIL PROTECTED]
Explanation:
Any brute force attack (or new Xieve attack) uses permutation techniques, say, if the password is ZZ, the engine has to test around 26 * 26 tries to get that.
A 10 char password will take 26 to the power 10 tries.
Now if you use mixed case (upper and lower), number and special char, the magnitude will be much higher.
It will be very very time consuming, probably take a super computer type to hack.
Moreover, yahoo wont allow trying password forever, maximum 25-30 times in a hour.
Next two methods are much easier and deceiving way to hack.
Method two:
You can either receive a link in a message or email. I will seem yahoo related and will ask you to fill in your account and password. Once you fill it, the hacker will get access to your password. They immediately changed her password and she couldn't get back into her own account.
I know several people that lost their ID this way.
How to protect:
Be very careful about a link like that. Always stay with the site of caution. If you are not sure, then dont fill up the ID/password.
In case you did and now you are not sure, then immediately go and change your password before the hacker gets to it.
This one is the scariest and it is a flaw of yahoo.
Method three:
This one takes someone who knows you or someone you have given him or her information in chatting with them.
If you go to the forgot password screen of yahoo, all you need to know is the person's Birthdate and Zip Code. Then it will ask you their secret security question.
This secret security question is something you pick when you create your yahoo account. Yahoo offers you a list of 9 questions. You pick one and write down the answer. Often time we pick something that is easy and we are familiar with. Like what is your favorite sports team or your pets name, etc. Many people can be familiar with such secret questions/answer of yours.
Hacking into an account this way is as easy as saying 1, 2, 3. Trust me, I was shocked once I realized how easy it was. There were few hundred people that could have hacked my account that way if they wanted to.
How to protect:
First of all, be very careful about giving away your personal information online.
Second, you may create a fake Date of birth. You can make a DOB a combination of your and someone elses birthday or any other special day that you would remember.
Take precaution: You must maintain a file and write down this information.
You cannot change DOB of already created accounts. This is only valid for future accounts.
Third, you can email to yahoo and select your own custom made secret question! I did this and yahoo was very prompt and got back to me within few hours with my own custom made secret question and answer.
This is the way you can do this:
Go to: http://help.yahoo.com/help/us/mail/
Type: secret question in the box to ask questions. (click on Ask)
It will return bunch of links. The very first of is How do I change my secret question and answer?
Click on the link and follow the procedure exactly.
It is easy. Even I was able to do it. If you need help, I will be glad to answer your questions.
Or you can also click directly to: http://search1.cc.scd.yahoo.com/cct_search.php?brand=yahoo&ui_mode=answer&prior_transaction_id=973776&action_code=5&highlight_info=16782913,10,19&turl=http%3A%2F%2Fhelp.yahoo.com%2Fhelp%2Fus%2Fmail%2Fconfig%2Fconfig-17.html&answer_id=2921326#__highlight
Come up with a creative secret question and an answer that no one else knows. Be sure to write down the answer somewhere.
RECAP:
It is NOT easy to delete, if not totally impossible if we have difficult ID with the combination of Mixed case, special char, and numbers.
Make sure to write down the password in another place. If you forget the password and trying to retrieve it through yahoo procedures can be very tricky.
Do not keep too many ids as mod/owner. Even if they cant delete the group, with access to a moderator id they can delete many information and access member list.
Be careful about the alternate email:
You will notice under account information, you may have filled up an alternate email address.
If you forget your password, yahoo gives you two options. One after answering DOB, zipcode correctly, you need to answer the secret question. The other is the password is send to your alternate email address.
So you must protect this email address as well.
Yahoo doesnt allow another yahoo ID to be alternate email. It has to be a non-yahoo ID, such as hotmail, gmail, etc.
Often time people select one email as alternate email but then forget about it or lose access to it. You can lose access several ways. You can select a work email and after you quit your job, you lose access to it. You can select an email provided by your ISP and you lose it after changing ISP provider. You can lose by not using the email account for a long time. All 3 happened to me!
So be careful about the alternate email. Alternate email is optional, so you dont even have to give one if you dont want to.
I hope this will be helpful to you all.
Thanks
Maqsud
Start your day with Yahoo! - make it your home page
***************************************************************************
{Invite (mankind, O Muhammad ) to the Way of your Lord (i.e. Islam) with wisdom (i.e. with the Divine Inspiration and the Qur'an) and fair preaching, and argue with them in a way that is better. Truly, your Lord knows best who has gone astray from His Path, and He is the Best Aware of those who are guided.}
(Holy Quran-16:125)
{And who is better in speech than he who [says: "My Lord is Allah (believes in His Oneness)," and then stands straight (acts upon His Order), and] invites (men) to Allah's (Islamic Monotheism), and does righteous deeds, and says: "I am one of the Muslims."} (Holy Quran-41:33)
The prophet (peace and blessings of Allah be upon him) said: "By Allah, if Allah guides one person by you, it is better for you than the best types of camels." [al-Bukhaaree, Muslim]
The prophet (peace and blessings of Allah be upon him) also said, "Whoever calls to guidance will have a reward similar to the reward of the one who follows him, without the reward of either of them being lessened at all."
[Muslim, Ahmad, Aboo Daawood, an-Nasaa'ee, at-Tirmidhee, Ibn Maajah]
--------------------------------------------------------------------------
All views expressed herein belong to the individuals concerned and do not in any way reflect the official views of IslamCity unless sanctioned or approved otherwise.
If your mailbox clogged with mails from IslamCity, you may wish to get a daily digest of emails by logging-on to http://www.yahoogroups.com to change your mail delivery settings or email the moderators at [EMAIL PROTECTED] with the title "change to daily digest".
| Converts to islam | Holy quran |
YAHOO! GROUPS LINKS
- Visit your group "islamcity" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
