Comments for I let a stranger send email from my computer, what could that have done?

Comment from Bill P. Godfrey on 2009-06-24

2009-06-24T11:44:06Z

I have a "guest" account as an XP limited user for exactly this purpose. Afterwards, I would go ahead and nuke that user account and then make a new one.

Absent any privilege escalation vulnerabilities or she uses a screwdriver, I think thats safe.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Dave on 2009-06-20

2009-06-21T00:56:58Z

Change all of your passwords immediately!!! It's not that hard to obtain all passwords stored on your computer.
You can also place an alert with the charge card companies that you have used on the computer. If you want to be real careful, replace the cards with new ones.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Randy on 2009-06-17

2009-06-18T01:41:30Z

I briefly read this thread and a few suggestion-balloons popped in my head:
First off, I must ask a simple question: Did you go to the "SENT" folder of your email client [errrrr.... gamil, hotmai, yahoo, outlook, t-bird, etc.] and see if she was kind enough to leave a simple clue for you? If not, then take a look at the "DELETED" or "TRASH" folders for some possible telltale hints.
1) Any personal and/or sensitive data files should always be password protected [at a minimum] or encrypted [for the paranoid]. Certain file types [*.txt, *.jpg, etc.] are not readily secured as above but can always be archived [*.zip, *.rar, etc.]. Instructions are here http://www.dslreports.com/faq/8730
2) The Bulgarian gal should have been allowed usage via a "guest" account on the machine, rather than your normal log-on >> You do mandate User/PW entry for post-boot OS log-in, right?
3) A password storage application [such as the OpenSource from http://keepass.com There have been many books, tuts, instructions on the subject matter of security but getting into good/secure computing habits always take constant vigilance but can almost become rote!

You were asking about [Hard Disk Drive] Imaging: Think of it as a bit-for-bit snapshot of your current OperatingSystem (OS) configuration and everything else that is contianed within the same HDD/Partition. It is not to be confused with the System Restore functionality within WinXP/WinVista OS [which does not hurt to turn on anyways]. Imaging should also not be confused with archiving files/data. It used to be Norton Ghost, Acronis TrueImage that were the top dogs in PAYware but why spend $$ when you can just download a FREEware imaging utility from http://www.runtime.org/driveimage-xml.htm? ;)

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Sun Wu-kong on 2009-06-17

2009-06-17T14:01:35Z

If I were him,I would ask the lady to show email address and message she wanted to send and do the sending for her.
She is NOT to touch my computer.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rahul on 2009-06-17

2009-06-17T10:44:12Z

A second thought.....

How can you be sure if she sent an innocent email? what if she used the stranger's machine to send a threat or scare email to someone - say a bomb threat?

These are not the time to trust strangers.... not even pretty ones.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Kenneth P. Pukenis on 2009-06-17

2009-06-17T10:18:10Z

Simply stated, it was a stupid thing to do. Format (re-format) your hard drive.....period.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Özgür Çallı on 2009-06-16

2009-06-17T06:11:48Z

i think some people have really bad trust issues. and Mr. Gary Yannone, shame on you. How nice is it do you think giving out a name of a student which might be %100 innocent.
same goes for Mr. Frank deKrank too. That could happen to anyone including you.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rohn on 2009-06-16

2009-06-17T04:53:16Z

Come on Ragnar Even the paranoid sometimes have real enemies that follow them.

The whole point of social engineering is precisely to make it look like there is no "heinous intent". A magician's pretty, young, female assistant is there to distract the audience. Replace "magician" with "social engineer/hacker" and her role is still the same. Let's face it, it is no secret that guys get dumb/"gallant" around "pretty girls".

Ragnar, I'm not flaming you, but I'm sorry to say the 'bad guys' DEPEND on your type of attitude to make their attacks work.

The point has already been made that if the "bad guy/girl" has physical access to your computer, they can hack it. In this case they didn't even have to hack a logon password, it was already logged on. So they could have done anything, the simplest way is by browsing a website that performs "drive-by downloads".

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Frank deKrank on 2009-06-16

2009-06-17T03:38:51Z

Just can't say no to young female, huh?. If she is flying, she can afford a few moments at the Internet kiosk. Should have asked if you could take her picture with your cell phone first. See how fast she walks away!

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Snail on 2009-06-16

2009-06-17T03:38:40Z

In case you would need to let someone else(not necessarily untrusted) onto your computer who might have a contaminated medium they introduce to your computer or access something inadvertently, consider some precautions.
If you want to be really safe, commit to memory all your passwords, avoid saving user settings to the hard drive if possible, anything you must have access to consider putting on a flash drive for quick access. This also means your OS runs smoother -- and keeps you in control of what is running or not and what priority things are given. Of course, there is even the option to run applications(not sure about restrictions) from flash drives.

Couple with this series of suggestions, I add further: have a restricted set of operating your computer either with(1) a clamped down user account in WinXP Pro or a separate install disk for "public" access situations in which you reduce exposure to your file systems by running a trimmed version/operating mode
or (2) a different operating system.
Either options can be utilized via a secondary(or auxiliary) hard drive(separate and distinct physical object as opposed to a partition) or from a different partition on your hard drive.
Back to Leo's caveat: if it is not physically secure, it is not secure. There are ways to damage the hardware within software(OS or otherwise) operations. Keep an eye on your computer(it is your company) and know its every deed and keep it safe from outside persons' control as much as possible.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Chris Awad on 2009-06-16

2009-06-17T02:20:25Z

It all comes down to the question:

Is the glass half empty or half full?
Do you believe in the good in people or the bad?

I would have likely let her go ahead and use my lappy, but only after telling her if she minded if I watched her. If it is indeed innocent which I do believe it was, then she has nothing to worry about while I watch. Besides, it should be expected -- here you are asking me for help that you seem to need badly, and here I am giving it to you freely. Let me watch.

She wouldn't decline, and although im optimistic, I still would look over her shoulder, but in a polite way -- im not stupid. :)

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Martha Fleischer on 2009-06-16

2009-06-17T00:18:47Z

You've referred to an image backup a few times. What is it and how do you do it?

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Ragnar Barefoot on 2009-06-16

2009-06-16T19:36:53Z

Come on guys! Let's not be paranoid. I would think the bad guys would go for more efficient efforts to do a thing like this. Unless the subject is specifically targeted for some reason or another, I think chances are pretty negligible that there was a hienous intention in this young girl's action.

You are of course correct, and I'm certainly not one to stir up paranoia. The problem, and the reason I ran this question, is that letting a stranger in an airport use your computer is a really bad idea and people need to be more security conscious. The chances may be negligible but unfortunately they're not zero.

- Leo
17-Jun-2009

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Paul Higgins on 2009-06-16

2009-06-16T18:44:18Z

It is correct that this could well be perfectly innocent. But could this be another social engineering technique the baddies have dreamt up?
Presumably it would be successful until discovered- and quite probably for a long while afterwards. How many of us would have said no to a pretty girls cry for help?

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Jen on 2009-06-16

2009-06-16T17:35:51Z

I would also suggest changing all passwords immediately and change your security questions & answers if you haven't already done so to prevent some further damage.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Bernard Winchester on 2009-06-16

2009-06-16T16:20:38Z

Well, maybe there's a little bit of paranoia here! I used to teach Internal Control to finance students, and would ask them what, in general, is the result of a lapse in internal control, and got dozens of lurid replies. The answer is, in general, nothing; usually there are no consequences. Most of us have occasionally forgotten to lock the back door, and anything could have happened with that door unlocked, but did it? Only if you were very unlucky. Likewise, how many people are prowling around waiting to install keyloggers into unsuspecting person's computers? It's not something I've ever heard of. So I would say that it is 99.9% probable that she just wanted to send the e-mail, as she said.
Of course, if you're worried, do the checks Leo suggests; you could also run a process checker and look for suspicious activity or even do a system restore to a date before the incident. Check your browser history to see if she visited any web-sites; you would expect to see an email site like hotmail, yahoo or g-mail. But don't panic!

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rahul on 2009-06-15

2009-06-15T23:36:33Z

This machine can't be trusted any more.

She was on Internet. She could have pulled in and installed a key logger or some other program that calls home. Taking disk image would carry it along. Got to have an image before the incident.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Umair on 2009-06-15

2009-06-15T16:01:15Z

could he have let her use a restricted guest account with UAC enabled and requiring password? apparently that could have been much more secure. not entirely though.

]]>

A comment on: I let a stranger send email from my computer, what could that have done?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.