Udhay feels that the account got hacked because of some sort of
javascript or other browser exploit caused by visiting a compromised
site .. that'd then take over the infected PC and vacuum it for passwords.
The other options are -
1. Just being infected by a virus
2. Checking mail without https on an open wifi access point where
someone latches on and runs a sniffer - eg: at airports / coffee shops
3. Dictionary attacks that break simple passwords
srs
On Friday 28 January 2011 08:42 AM, Deepak Misra wrote:
> On Fri, Jan 28, 2011 at 6:54 AM, Udhay Shankar N <ud...@pobox.com> wrote:
>> The beauty of the "cloud" is that it doesn't matter which OS you're
>> running, you're still at the mercy of what somebody threw together in
>> javascript over a weekend (both on the server, as well as the attack
>> vector).
>
> If you have the time and inclination, could you elaborate further ??
>
> Deepak
>
