Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle

Notices

Reply
 
Thread Tools Search this Thread
Old 01-20-2011, 12:21 AM   #1
Alison C
Enthusiast
Alison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toys
 
Posts: 46
Karma: 5714
Join Date: Nov 2010
Location: Somerset, UK
Device: Kindle Paperwhite wifi
Could Kindle web access allow an email hijack?

This morning my email account was hijacked by spammers, who sent an email to pretty much everyone I've ever emailed (not just the addresses in my Contacts). It's a Gmail account, and I've never had this sort of problem before.

The only thing I can think of that I've done differently is that yesterday I used my Kindle to access emails; just playing with it at home to try it out really. When I'd finished I just went back to the book I was reading, without signing out from Gmail on the Kindle. (This may well have been stupid of me.)

Maybe I'm paranoid or ignorant or both, but could the fact that I didn't sign out of Gmail on the Kindle have allowed the spammers access to my account somehow? The Kindle has not left the house in the intervening period, and access is via my home wireless network.

The spammers were operating from an IP address in China; I've changed my password, followed some security settings advice from Gmail Help, and submitted a report to Gmail. I'd appreciate any comments or advice from people with more technical and Kindle knowledge than me (that's pretty much everyone!).

Coincidentally I have a computer technician coming round tomorrow to deal with issues I've been having about slow running and odd error messages relating to a plugin-exe application error; I'll ask him about this issue as well, but it's likely that he's never seen a Kindle before, as they're not exactly common here yet.

Alison
Alison C is offline   Reply With Quote
Old 01-20-2011, 12:44 AM   #2
kranu
I <3 my Kindle
kranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensions
 
Posts: 528
Karma: 51332
Join Date: Nov 2010
Location: United States
Device: Kindle 3G + WiFi
No, my Gmail account has never been hacked. I doubt that what you claim is true.

Assuming you have a WiFi Kindle, you connected through your own internet. The connection never went through Amazon's servers.

Chances are your computer is virus-infected, and needs to get cleaned; not the Kindle. Why would hackers target a Kindle when PC's are so much more of a bigger target?
kranu is offline   Reply With Quote
Old 01-20-2011, 01:11 AM   #3
FF2
Wizard
FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.FF2 ought to be getting tired of karma fortunes by now.
 
Posts: 1,111
Karma: 1025784
Join Date: Oct 2010
Device: WiFi Kindle3
I don't know if it is kindle related but within the last month, there was discussion of an addon for Firefox which allows its user to grab or hijack an account once the user logs on to it. In other words, after you enter your password and are authenticated, the user of this software is ON YOUR ACCOUNT and can do things with it. I don't recall much more but it was yet another scary article about the insecurities of the web and wifi.

Ah, found a link to some site where it is mentioned:

http://www.wonderhowto.com/how-to-us...etwork-405854/
FF2 is offline   Reply With Quote
Old 01-20-2011, 01:20 AM   #4
kranu
I <3 my Kindle
kranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensionskranu can understand the language of future parallel dimensions
 
Posts: 528
Karma: 51332
Join Date: Nov 2010
Location: United States
Device: Kindle 3G + WiFi
Quote:
Originally Posted by FF2 View Post
I don't know if it is kindle related but within the last month, there was discussion of an addon for Firefox which allows its user to grab or hijack an account once the user logs on to it. In other words, after you enter your password and are authenticated, the user of this software is ON YOUR ACCOUNT and can do things with it. I don't recall much more but it was yet another scary article about the insecurities of the web and wifi.

Ah, found a link to some site where it is mentioned:

http://www.wonderhowto.com/how-to-us...etwork-405854/
That wouldn't work unless someone from China flew over to her house, connected to HER network, collected her password, and flew back to China. Okay that's exaggerated. But what are the chances of someone coming along and hacking her network...
kranu is offline   Reply With Quote
Old 01-20-2011, 01:22 AM   #5
HarryT
eBook Enthusiast
HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.HarryT ought to be getting tired of karma fortunes by now.
 
HarryT's Avatar
 
Posts: 62,612
Karma: 40371179
Join Date: Nov 2006
Location: UK
Device: PW2, iPad Retina Mini, iPhone 4, MS Surface Pro, Onyx T68, N7,
I agree with the previous posters; the Kindle has nothing to do with this.
HarryT is online now   Reply With Quote
Old 01-20-2011, 02:04 AM   #6
m0ngr31
Connoisseur
m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.m0ngr31 could sell banana peel slippers to a Deveel.
 
Posts: 66
Karma: 3056
Join Date: Dec 2010
Device: Kindle Paperwhite
Quote:
Originally Posted by FF2 View Post
I don't know if it is kindle related but within the last month, there was discussion of an addon for Firefox which allows its user to grab or hijack an account once the user logs on to it. In other words, after you enter your password and are authenticated, the user of this software is ON YOUR ACCOUNT and can do things with it. I don't recall much more but it was yet another scary article about the insecurities of the web and wifi.

Ah, found a link to some site where it is mentioned:

http://www.wonderhowto.com/how-to-us...etwork-405854/
I didn't read the article, but I'm guessing it's referring to FireSheep? The only place you really have to worry about that is in public wifi areas, like Starbucks or something unless the attacker gets in through your wireless. But chances are that if they know how to break your wifi encryption, they also know that arp poisoning is much more effective than FireSheep will ever be.

99% chance that you've got some virus/malware that's mining your data and sending it to China (especially if you've got a computer tech coming over to look at slowness and error messages since those are red flags for viruses). Get yourself a firewall on your computer so you can see exactly what it is sending to the internet and you won't have most of your problems.
m0ngr31 is offline   Reply With Quote
Old 01-20-2011, 02:32 AM   #7
avantman42
Guru
avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.
 
avantman42's Avatar
 
Posts: 929
Karma: 2967447
Join Date: Sep 2010
Location: UK
Device: Kindle & Nook
Quote:
Originally Posted by Alison C View Post
This morning my email account was hijacked by spammers, who sent an email to pretty much everyone I've ever emailed (not just the addresses in my Contacts). It's a Gmail account, and I've never had this sort of problem before.

The only thing I can think of that I've done differently is that yesterday I used my Kindle to access emails;
I can understand that it looks an awful lot like the two things are related, but it's just a coincidence.

Quote:
Originally Posted by Alison C View Post
When I'd finished I just went back to the book I was reading, without signing out from Gmail on the Kindle. (This may well have been stupid of me.)
If you don't sign out of your GMail, then someone could pick up your Kindle and get to your GMail. On the other hand, staying logged in is more convenient since you won't have to re-enter your password next time you want to check GMail on your Kindle. Logging out is more secure, but less convenient. Only you can decide whether the extra security is worth the inconvenience.

If you do leave it logged in, and decide that it was a bad idea (eg if you leave your Kindle on a bus/train/whatever), you can log into GMail from another machine, then log out all other sessions. This GMail help page has more information about that.

Quote:
Originally Posted by Alison C View Post
slow running and odd error messages relating to a plugin-exe application error;
These are much more likely to be the cause of your GMail hijacking. As others have said, it's extremely unlikely to be related to using your Kindle to check your GMail.
avantman42 is offline   Reply With Quote
Old 01-20-2011, 02:43 AM   #8
avantman42
Guru
avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.
 
avantman42's Avatar
 
Posts: 929
Karma: 2967447
Join Date: Sep 2010
Location: UK
Device: Kindle & Nook
Following up on this, and to respond to the more general question of "Could Kindle web access allow an email hijack?", rather than the specifics of your situation.

One thing I would strongly recommend is that you check that the 'Always use https' setting is enabled. It used to default to disabled, but now defaults to enabled. If you signed up to GMail when the default was for it to be disabled, I don't know if it would have been changed. There is more information, including instructions on how to set it, at this GMail help page.

Enabling the 'Always use https' setting means that all data sent between your Kindle (or PC, laptop, whatever) and GMail is encrypted, which makes it much more difficult for anyone to eavesdrop on your connection, whether you connect via wi-fi, 3G or something else.
avantman42 is offline   Reply With Quote
Old 01-20-2011, 03:58 AM   #9
Alison C
Enthusiast
Alison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toysAlison C shares his or her toys
 
Posts: 46
Karma: 5714
Join Date: Nov 2010
Location: Somerset, UK
Device: Kindle Paperwhite wifi
Thanks, everyone, for these helpful replies.

Quote:
I doubt that what you claim is true.
Kranu, I don't think I "claimed" anything - I asked a question, and specifically offered up the possibilities that I was being paranoid and/or ignorant! I wanted to ask the question here because if there were a Kindle-related problem it's much more likely that people here would know about it than my local computer technician.

I'm reassured that the consensus is that it's not the Kindle; thanks, all. Avantman42, I followed the Gmail help instructions this morning, including enabling "always use https", which was disabled when I looked at my settings. MOngr31, we do have a firewall, but I'd have to confess I have no idea how to check up on what's going in or out - hence calling in an expert!

Thanks again; much appreciated.

Alison
Alison C is offline   Reply With Quote
Old 01-20-2011, 04:23 AM   #10
avantman42
Guru
avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.avantman42 ought to be getting tired of karma fortunes by now.
 
avantman42's Avatar
 
Posts: 929
Karma: 2967447
Join Date: Sep 2010
Location: UK
Device: Kindle & Nook
Quote:
Originally Posted by Alison C View Post
I'm reassured that the consensus is that it's not the Kindle; thanks, all. Avantman42, I followed the Gmail help instructions this morning, including enabling "always use https", which was disabled when I looked at my settings.
I'm glad you found it helpful. Just one thing to bear in mind with using HTTPS, though - it secures the data as it travels from your computer (or Kindle, mobile phone, whatever) to Google's server. If someone can get at the data on your computer (most likely by getting a trojan or virus onto it), HTTPS won't help. It's a good thing to have enabled, but it won't prevent every possible attack.

Russ
avantman42 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Email from Web Browser timctrahan Calibre 18 09-19-2010 01:09 AM
Kindle web access question anniep Amazon Kindle 5 11-22-2009 04:15 PM
Calibre & web access Nate the great Calibre 4 03-03-2009 08:14 PM
Problem with BookDesigner Trying to Access the Web QuantamPulse Workshop 6 09-04-2008 12:41 AM


All times are GMT -4. The time now is 07:19 AM.


MobileRead.com is a privately owned, operated and funded community.