We've changed passwords on all the accounts, and multiple different AV scans show nothing. Any ideas on anything I may have missed ?
Wipe and re-install ?
Printable View
We've changed passwords on all the accounts, and multiple different AV scans show nothing. Any ideas on anything I may have missed ?
Wipe and re-install ?
Browser cache/cookies. Consider adding some form of click jacking/clear frame protection via script stoppers/anti-phishing tools to the browser. Which DNS provider? Consider moving to google or openDNS. Check wi-fi/router security.
Is the account accessed on any other machines/devices? Mobile devices are quite bad for security as they'll often store logged-in cookies.
Using NoScript already on latest FF.
Router is on WPA2
DNs eh ? It's the standard for the ISP. I'll have a look when I get home.
EDIT: Yes - on her Android. Unlikely that's been cracked I would have thought. I know Andoid is full of holes, but without physical access, how would it get broken ?
Has she got any apps which she logs into google services with? They could easily be using her login once they have it.
Mobiles are often set up to auto connect to free wi-fi spots. Hacker only needs to use the same SSID as a free spot and your MID will connect to it, exchange packets, and if queried correctly, give up login cookies for things like facebook. No physical access required. I would have thought gmail is more secure than that, but could be wrong.
http://www.bbc.co.uk/blogs/thereport...king_wifi.html
Yes - this is the firesheep 'man-in-the-middle' atack ?
As she works in a rural area I had turned off the WiFi to save battery time. Also all Gmail is cinfigured to be SSl from the start now.
Weak password?
I'd also recommend change passwords to other accounts associated to Gmail, i.e. Hexus, Amazon, that may have the same password.
My brother had his gmail account hacked a long time ago, not sure how it happened, it just did, although he couldn't access it via web, he will still logged in via a email program & managed to rescue the account.
Password was non-dictionary. Possibly too short at 6 characters though.
No sign of underhanded activities, but then all the other accounts have different passwords. Financial ones were very strong.