Is this possible?

[navjotjsingh]

Today my sister's orkut account got hacked and some other person was replying with her account on other's scraps. When my sister logged on and asked her who he was and how did he do this? He replied that you recently clicked some javascript link in your browser and cookies from the browser got transferred to his pc. And now he does not need user id and passwords to login to my sis's account. Is it possible. My sis got the password changed and he again logged back in. He reconfirmed that password change won't stop him. Is this possible?

And how to prevent this. As a precautionary measure I have removed complete firefox profile folders of my sister. I am using latest Firefox 2.0.0.2.

[shashank4u]

i think u shud change the browser settings to default...
and i think after the password change he wud not be able to login in yr sis account.
also check for spyware,keyloggers.

[Choto Cheeta]

i think,

simply some how ur sis was manage to leak out her password or some one guessed it

well thats my view only

[47shailesh]

Hmm...

First a brief intro about GUID (Globally Unique Identifier)...

Whenever u click "remember me" on login based site a cookie is created with a GUID in it...this cookie stores password and username in it, so that user can be identified on the basis of GUID on his/her return....

GUID is a unique string..

Now getting back to question....

When ur sis clicked on an AD or on JS then those scripts executes and search for GUID in the cookie folder...

If they get one they stores it and return to there MASTER hehe in ur case to that prank....

Solution: clear all cookies... get the password change ur r safe then...

And too use Spybot search and destroy + AdAware to detect for any maleare present in ur system....

[navjotjsingh]

More Interesting Info...my sis never uses remember be option. I suggested her using long before since time gets wasted in typing again and again but she never listened.

[47shailesh]

That is the most probable attack by JS that i have mentioned...

If that not the case then there can be N guesse for the reason...

[piyush gupta]

If clearing cookies and changing password are not working check your system for malwares

i m sure this person is using some evil scripts for your account login
just a guess

Can he access your other account e.g gmail,yahoo etc.

[navjotjsingh]

Well he hasn't logined today...I guess its safe now. And no malwares on my PC. I am dead sure.

[47shailesh]

^Congrats

[piyush gupta]

@navjotsingh

i think he just luckly enterd into your sis account

now u r safe

enjoyy

cheers