Email Hacking Facts and Fictions
Lots of newbies keep asking or search for techniques to hack someones email password like yahoo gmail msn etc.
First of all it should be noted that getting someone’s password out of a server is something impossible for the very simple reason that in most cases the password is stored no-where. Newbies think and make attempts to get the some one’s password from the target server. But yes this is not possible. Passwords are not stored directly, but as hashes (if you are a web developer then you must be knowing this). Hashing is basically a one way algorithm to turn a string of any size into a fixed sized string. For more on hashing get to wikipedia. Hashes cant be reverted to get back the original string. Now when a user logs into a system, he provides his username and password. Now the password is hashed again and compared with the hash that was stored during registration. If both match then access is granted.
But yes there are techniques to get some one’s password or rather “steal” them from the original user. Thats the only way to get the password.
Some common techniques are :
1. Phishing : Now “phishing” it basically “tricking” , to trick a user into providing his login details to you. The most popular way to do this is by creating a fake login page which looks like the login page of the original system and make the user login through this fake login page. When the user attempts this then the login details he provides go to the hacker rather than the actual system. Phishing issue arise in a lot of situations e.g. email logins , bank logins etc.
2. Social Engineering : This technique involves collecting some information about the user which can provide access to his system. The best possible extent of doing this would be to get the password itself from the user but in most cases this is not possible. Most email systems for example provide a password recovery mechanism which involves answering certain questions like Your birthdate , phone number , pet name etc. Now a hacker clever at social engineering would talk with the user directly and during the conversation would try to make the user speak out the information that is useful to get access to the user’s mail. For e.g. a hacker could ask the birthdate some where in the conversation and if the user tells it, then the user can use it. Social engineering aims at collecting as much information as possible from the user which can be useful to get the login or access to his mailbox.
3. Trojans/Keyloggers/Spyware : This is a software based technique. It involves installing a piece of software on the victim’s computer so that the activity on the target computer can be recorded and read by the hacker. For e.g. logging all keyboard activity and then searching them for usernames and passwords.
Popularity: 4% [?]
