Udhay feels that the account got hacked because of some sort of javascript or other browser exploit caused by visiting a compromised site .. that'd then take over the infected PC and vacuum it for passwords.
The other options are - 1. Just being infected by a virus 2. Checking mail without https on an open wifi access point where someone latches on and runs a sniffer - eg: at airports / coffee shops 3. Dictionary attacks that break simple passwords srs On Friday 28 January 2011 08:42 AM, Deepak Misra wrote: > On Fri, Jan 28, 2011 at 6:54 AM, Udhay Shankar N <ud...@pobox.com> wrote: >> The beauty of the "cloud" is that it doesn't matter which OS you're >> running, you're still at the mercy of what somebody threw together in >> javascript over a weekend (both on the server, as well as the attack >> vector). > > If you have the time and inclination, could you elaborate further ?? > > Deepak >