Question about application history on Win7

On 24 Jan 2012, "KCB" <> wrote in
alt.windows7.general:

> "VanguardLH" <> wrote in message
> news:jfmsir$ovd$...
>>
>> Well, did you beforehand enable audit policies for process
>> tracking?
>>
>> gpedit.msc
>> node: Computer Configuration -> Windows Settings, Security
>> Settings ->
>> Local Policies -> Audit Policy
>> setting: Audit process tracking
>
> Thanks for this information. I did not have this enabled, but
> will surely check these options to see what I can track.

The Group Policy Editor is only included with Windows 7 Pro and
Ultimate, so you may not have it, depending on what version you run.

Enabling the auditing shown above will make a record in the Security
Long every time a program or process is started, and by what user
account. This can generate a lot of entries, so you might be careful
about when you turn it on, and you'll want to turn it off once your
sleuthing is done.

On Tue, 24 Jan 2012 19:28:26 -0600, Nil <>
wrote:

> On 24 Jan 2012, "KCB" <> wrote in
> alt.windows7.general:
>
>> "VanguardLH" <> wrote in message
>> news:jfmsir$ovd$...
>>>
>>> Well, did you beforehand enable audit policies for process
>>> tracking?
>>>
>>> gpedit.msc
>>> node: Computer Configuration -> Windows Settings, Security
>>> Settings ->
>>> Local Policies -> Audit Policy
>>> setting: Audit process tracking
>>
>> Thanks for this information. I did not have this enabled, but
>> will surely check these options to see what I can track.
>
> The Group Policy Editor is only included with Windows 7 Pro and
> Ultimate, so you may not have it, depending on what version you run.
>
> Enabling the auditing shown above will make a record in the Security
> Long every time a program or process is started, and by what user
> account. This can generate a lot of entries, so you might be careful
> about when you turn it on, and you'll want to turn it off once your
> sleuthing is done.

Well not unless you want a rapidly expanding logfile on your system....



--
Using Opera's revolutionary email client: http://www.opera.com/mail/

"J. P. Gilliver (John)" <> wrote in message
news:+...
> In message <jfn9hu$394$>, KCB <>
> writes:
> []
>>One of my email accounts got hacked, and I was thinking maybe some rogue
>>program on my computer. Hopefully, this is not the case, as my computer
>>was off at the time the emails were (apparently) sent. My employer was
>>closed, with no access to my work computer, so I don't think anything
>>happened there, either. It seems from the headers, if they can be
>>believed, that the originating computer was in Israel, and other than my
>>name and email address, there is nothing else in the source that points to
>>anything related to me. I'm still baffled how they did it.
>
> When you say your account got hacked, and you mention headers - do you
> just mean that someone sent an email that seemed to come from you (which
> whoever received it subsequently told you about)? Or something more
> serious, someone hacked into your account and read your emails (presumably
> a web-based or similar type - maybe the hotmail you're hiding - since your
> PC was off at the time)?
>
> If it's just spoofed From: headers, don't worry - there's nothing you can
> do about that and nothing you've done wrong (or carelessly) to cause it.

It was the hotmail account, and they did access it online. I received many
bounces when I logged in, which clued me in to something wrong. Hotmail
subsequently locked the account after seeing the volume of outgoing mail,
and I've had to reset it. It was a spammer sending out links to what I'm
sure are sites you wouldn't want to visit. I alerted everybody through my
other email accounts, and after the reset, think I've regained control.

Hotmail limits passwords to 16 characters, which is rather short for my
tastes, but I think I've sufficiently randomized my new password so as not
to go through this again.

KCB wrote:
>
> "J. P. Gilliver (John)" <> wrote in message
> news:+...
>> In message <jfn9hu$394$>, KCB <>
>> writes:
>> []
>>> One of my email accounts got hacked, and I was thinking maybe some
>>> rogue program on my computer. Hopefully, this is not the case, as my
>>> computer was off at the time the emails were (apparently) sent. My
>>> employer was closed, with no access to my work computer, so I don't
>>> think anything happened there, either. It seems from the headers, if
>>> they can be believed, that the originating computer was in Israel,
>>> and other than my name and email address, there is nothing else in
>>> the source that points to anything related to me. I'm still baffled
>>> how they did it.
>>
>> When you say your account got hacked, and you mention headers - do you
>> just mean that someone sent an email that seemed to come from you
>> (which whoever received it subsequently told you about)? Or something
>> more serious, someone hacked into your account and read your emails
>> (presumably a web-based or similar type - maybe the hotmail you're
>> hiding - since your PC was off at the time)?
>>
>> If it's just spoofed From: headers, don't worry - there's nothing you
>> can do about that and nothing you've done wrong (or carelessly) to
>> cause it.
>
> It was the hotmail account, and they did access it online. I received
> many bounces when I logged in, which clued me in to something wrong.
> Hotmail subsequently locked the account after seeing the volume of
> outgoing mail, and I've had to reset it. It was a spammer sending out
> links to what I'm sure are sites you wouldn't want to visit. I alerted
> everybody through my other email accounts, and after the reset, think
> I've regained control.
>
> Hotmail limits passwords to 16 characters, which is rather short for my
> tastes, but I think I've sufficiently randomized my new password so as
> not to go through this again.

I'm not a Hotmail user, and have never tried to sign up for an account.

What would concern me, would be the "password recovery" process. When
you got control of your Hotmail account again, have you also changed
the details of the "password recovery" feature ? Otherwise, they
may have set it up, such that they can take control again.

http://www.ehow.com/way_6147697_hotm...-recovery.html

Paul

"KCB" <> wrote in message
news:jfoom1$l8j$...
>
> "J. P. Gilliver (John)" <> wrote in message
> news:+...
>> In message <jfn9hu$394$>, KCB <>
>> writes:
>> []
>>>One of my email accounts got hacked, and I was thinking maybe some rogue
>>>program on my computer. Hopefully, this is not the case, as my computer
>>>was off at the time the emails were (apparently) sent. My employer was
>>>closed, with no access to my work computer, so I don't think anything
>>>happened there, either. It seems from the headers, if they can be
>>>believed, that the originating computer was in Israel, and other than my
>>>name and email address, there is nothing else in the source that points
>>>to anything related to me. I'm still baffled how they did it.
>>
>> When you say your account got hacked, and you mention headers - do you
>> just mean that someone sent an email that seemed to come from you (which
>> whoever received it subsequently told you about)? Or something more
>> serious, someone hacked into your account and read your emails
>> (presumably a web-based or similar type - maybe the hotmail you're
>> hiding - since your PC was off at the time)?
>>
>> If it's just spoofed From: headers, don't worry - there's nothing you can
>> do about that and nothing you've done wrong (or carelessly) to cause it.
>
> It was the hotmail account, and they did access it online. I received
> many bounces when I logged in, which clued me in to something wrong.
> Hotmail subsequently locked the account after seeing the volume of
> outgoing mail, and I've had to reset it. It was a spammer sending out
> links to what I'm sure are sites you wouldn't want to visit. I alerted
> everybody through my other email accounts, and after the reset, think I've
> regained control.
>
> Hotmail limits passwords to 16 characters, which is rather short for my
> tastes, but I think I've sufficiently randomized my new password so as not
> to go through this again.

The Hotmail hackers usually delete the mails after sending them. You can
recover those messages to see exactly who they spammed:

http://windowslivehelp.com/solution....8-bdf3a469783a

As for the password issue...I have strong, random passwords on all of my
accounts--including Hotmail--and it did not prevent my account being hacked.
Luckily, I only use the account for mailing lists, so to me, at least,
little harm was done.

On 1/25/2012, Paul posted:
> KCB wrote:
>>
>> "J. P. Gilliver (John)" <> wrote in message
>> news:+...
>>> In message <jfn9hu$394$>, KCB <>
>>> writes:
>>> []
>>>> One of my email accounts got hacked, and I was thinking maybe some rogue
>>>> program on my computer. Hopefully, this is not the case, as my computer
>>>> was off at the time the emails were (apparently) sent. My employer was
>>>> closed, with no access to my work computer, so I don't think anything
>>>> happened there, either. It seems from the headers, if they can be
>>>> believed, that the originating computer was in Israel, and other than my
>>>> name and email address, there is nothing else in the source that points
>>>> to anything related to me. I'm still baffled how they did it.
>>>
>>> When you say your account got hacked, and you mention headers - do you
>>> just mean that someone sent an email that seemed to come from you (which
>>> whoever received it subsequently told you about)? Or something more
>>> serious, someone hacked into your account and read your emails (presumably
>>> a web-based or similar type - maybe the hotmail you're hiding - since your
>>> PC was off at the time)?
>>>
>>> If it's just spoofed From: headers, don't worry - there's nothing you can
>>> do about that and nothing you've done wrong (or carelessly) to cause it.
>>
>> It was the hotmail account, and they did access it online. I received many
>> bounces when I logged in, which clued me in to something wrong. Hotmail
>> subsequently locked the account after seeing the volume of outgoing mail,
>> and I've had to reset it. It was a spammer sending out links to what I'm
>> sure are sites you wouldn't want to visit. I alerted everybody through my
>> other email accounts, and after the reset, think I've regained control.
>>
>> Hotmail limits passwords to 16 characters, which is rather short for my
>> tastes, but I think I've sufficiently randomized my new password so as not
>> to go through this again.

> I'm not a Hotmail user, and have never tried to sign up for an account.

> What would concern me, would be the "password recovery" process. When
> you got control of your Hotmail account again, have you also changed
> the details of the "password recovery" feature ? Otherwise, they
> may have set it up, such that they can take control again.

> http://www.ehow.com/way_6147697_hotm...-recovery.html

> Paul

Interesting...

I never would've thought of that.

Mulţumesc (= thanks).

--
Gene E. Bloch (Stumbling Bloch)

"Paul" <> wrote in message
news:jfopln$pc8$...
> KCB wrote:
>>
>> "J. P. Gilliver (John)" <> wrote in message
>> news:+...
>>> In message <jfn9hu$394$>, KCB <>
>>> writes:
>>> []
>>>> One of my email accounts got hacked, and I was thinking maybe some
>>>> rogue program on my computer. Hopefully, this is not the case, as my
>>>> computer was off at the time the emails were (apparently) sent. My
>>>> employer was closed, with no access to my work computer, so I don't
>>>> think anything happened there, either. It seems from the headers, if
>>>> they can be believed, that the originating computer was in Israel, and
>>>> other than my name and email address, there is nothing else in the
>>>> source that points to anything related to me. I'm still baffled how
>>>> they did it.
>>>
>>> When you say your account got hacked, and you mention headers - do you
>>> just mean that someone sent an email that seemed to come from you (which
>>> whoever received it subsequently told you about)? Or something more
>>> serious, someone hacked into your account and read your emails
>>> (presumably a web-based or similar type - maybe the hotmail you're
>>> hiding - since your PC was off at the time)?
>>>
>>> If it's just spoofed From: headers, don't worry - there's nothing you
>>> can do about that and nothing you've done wrong (or carelessly) to cause
>>> it.
>>
>> It was the hotmail account, and they did access it online. I received
>> many bounces when I logged in, which clued me in to something wrong.
>> Hotmail subsequently locked the account after seeing the volume of
>> outgoing mail, and I've had to reset it. It was a spammer sending out
>> links to what I'm sure are sites you wouldn't want to visit. I alerted
>> everybody through my other email accounts, and after the reset, think
>> I've regained control.
>>
>> Hotmail limits passwords to 16 characters, which is rather short for my
>> tastes, but I think I've sufficiently randomized my new password so as
>> not to go through this again.
>
> I'm not a Hotmail user, and have never tried to sign up for an account.
>
> What would concern me, would be the "password recovery" process. When
> you got control of your Hotmail account again, have you also changed
> the details of the "password recovery" feature ? Otherwise, they
> may have set it up, such that they can take control again.
>
> http://www.ehow.com/way_6147697_hotm...-recovery.html
>
> Paul

I thought about that, but the hacker never changed the password.
Notifications about any change in the account go to my phone, and another
email address. There weren't any changes in the account to let me know,
only the bounces from some old addresses, that I saw when I logged-in.