Would someone knowledgable enough to work in computer security be able to break into someones email account? Would they have to know your address? Would they be able to plant phony mail in another persons name? How easy would it be if their computer was on the same in house network router? Would they have to have network administrator status? And lastly is there anyway to protect against someone breaking in this way? Thanks.

I'm not an expert, but, I think I've got a little info for you.

Someone "might" be able to hack into someone's email account (especially if they have sensitive info stored on the PC and don't have a strong firewall); the more likely scenario would be for them to forge a header with your/their email address so people think it's from you/them.

If you're sharing a PC, the best thing to do would be to change all your passwords, IMMEDIATELY. Hopefully, the PC administrator is NOT the one doing the hacking. If so, I'm not sure what kind of access they'd have to your passwords; it would depend on which O/S you're running, I believe. Really not sure about this.

Another option would be to get a digital ID/signature, but this would only work if no one else had direct access to your email account (on your ISP's webmail server; not sure how the Digital ID works via webmail) or email client (Outlook, Outlook Express, Incredimail, etc.). You can get a FREE digital ID from Wild ID.

We'll have to wait for Dwight and/or TomGL2 - and anyone else I didn't think of, with their same level of expertise - to chime in here with more accurate/detailed info.

If this is happening to you gat, it WAY sucks. I have a sinking feeling, if you/they aren't the admin on the PC/network, you're/they're at the mercy of the one in control. But, I'm not absolutely certain of this, so let's wait til Dwight or Tom posts a response.

Your/their only other option would be to set up a free Yahoo or Hotmail account and let your/their friends know what's happening. Make sure you/they don't check the "remember me on this PC" box. You'll/they'll have to provide your/their password each time you sign in.

1. Would someone knowledgeable enough to work in computer security be able to break into someone's email account?

Yes, a computer security expert would have the necessary knowledge.

2. Would they have to know your address?

Yes, they would have to know the address of email account they're trying to "hack". If they have access to your computer, the address would be very easy to find.

3. Would they be able to plant phony mail in another person's name?

Yes, as sonnet26 noted, that would not be difficult.

4. How easy would it be if their computer was on the same in house network router?

Being on the same Network certainly makes it easier for the malicious hacker.

5. Would they have to have network administrator status?

Not necessarily the "status" but they would have to have access, meaning password(s), etc.

6. And lastly is there anyway to protect against someone breaking in this way?

Protection is a relative term. Absolute protection? Probably not. But you can add layers of protection. From your description of the system you're on, I believe you will have to work with your System Administrator to try to protect yourself. If the SysAdm is who you're suspecting, can you go to his/her supervisor and seek help?

I hope this is helpful. Also, hopefully others will post here, too. Network Security is extremely complex and dynamic (it changes a lot) and what may have been true yesterday isn't necessarily the case today. Perhaps there are better solutions available.

Dwight

[This message was edited by Dwight on 07-21-03 at 12:18 AM.]

I'm sorry to say, forging someone's email address is unfathomably easy for someone with only a moderate amount of computer knowledge.

I just returned from an extensive search of the web and found plenty of disturbing stuff. Heck, I just learned how to forge someone's email, via a tutorial, myself; I could do it right now if I was low-life scum.

A digital ID may be the way to go; that way everyone you email (friends and businesses alike) will know if it really is you, or not.

One more caveat: I'd stay completely away from ANY public chatrooms (except AP's). There is software out there to forge your IM ID while you're sitting there chatting, and not a thing you can do about it. Make sure you only "hang" with people you absolutely know and trust.

Thank you Sonnet and Dwight. This was a hypothetical question. I am not on a network here but may at sometime. I think "low life scum" is a very fitting description.

Jeez, gat! Next time, mention the fact that your question was hypothetical. You had me worried out of my mind, ya yutz. I PMed The Master, and everything.

Although, it was a pretty good way to get some really good info, fast.

Outstanding question(s), by the way.

Grim thought of the day:

If your email proxider has a "secure" or "SSL" login opion (such as Yahoo), please use it. This encrypts your password as it is being transmitted. Otherwise, someone else on the network (like IT Admins, your boss, etc.) could use a simple packet sniffer to watch your username & password being sent unencrypted across the network. With this information, all the person has to do is login.

Makes you want to think twice about checking your email in a public place.

Don't know if hotmail has that option. I'll look to see though John. Thanks. That is the only account I really use. Maybe I should make low life scum my password in case anyone ever reads it. My mail isn't all that interesting.

AOL and MSN Hotmail both send your password securely. (The validator is HTTPS) Just make sure when logging into MSN Hotmail the domain is http://login.passport.net/ If you are logging into any of the AOL/Netscape/Compuserve sites, make sure the address contains http://my.screenname.aol.com/

If the address contains an @ symbol, do not log in. For example, click this link and see where it goes: http://www.hotmail.com@www.answerpool.com/
This is a favorite spammer & scammer tactic and many people are fooled by this. People actually give scammers their passwords thinking that the address is real!