I hopped on my computer to access my e-mail this afternoon and upon doing so I was told by hotmail that my password was incorrect. Unsure as to what could cause this I proceeded to send my password to my alternate gmail account, where I was greeted by an interesting e-mail. The email was sent via my gmail account to myself and it contained my full name, address, bank account number, routing number, social security number, gmail account password and old and new hotmail account password. At the bottom of the e-mail there was a brief message saying my data had not been harmed nor would it be. Naturally bothered I proceed to contact paypal and my bank regarding this intrusion to find out if any unathorized access had occurred as those are the *only* places on the net I had actually entertained my bank info and social security. My primary bank reported no access attempts while paypal reported 4 failed access attempts not done by me, and nothing else.

At this point I decided to change my passwords and figured there was really nothing else I could do because niether paypal nor my bank could actually help me with the situation. I proceeded to inform a few friends about what had happened, when my stoner buddy spilled the beans.

Last night while tripping on robbitussin he ran a port probe on my computer while I was asleep and accessed my computer through an open port via telnet. Upon gaining access he ran an application that was able to show what little saved password info I had for IE, used the clipboard to take a screenshot and retrieved the image via telnet. With that information he then gained access to my gmail account. At that point he headed over to my MSN account and did a password retrieval by sending the password to my gmail account where he was able to change it. At that point he logged into my MSN account wherein he found a copy of my 2004 tax return that contained the rest of my personal information that his scans could not yield. Oh and to top it off he used a proxy from another country that does not value US warrants for IP addresses.

I don't like windows firewall and I want a new one. :(

Windows Firewall is pretty much useless. I'm not a fan of software firewalls at all, but if I absolutely had to choose one, it'd be Zone Alarm. I still prefer hardware firewalls though. Those are like your cable/DSL routers. That's all I've been using the past four years and I haven't gotten any kind of infections, not even spyware. Of course, not going to sketchy sites has a bit to do with that, but it's just proof that it can be done.

yes zone alarm suite rocks paired wth peerguardian 2, thats what i use

Get a router with NAT and don't forward anything to your machine you don't need absolutely.

Yep, that's what I have. NAT hardware firewall, but I do have forwarded (open) ports. From what I've seen, most portscans stop around 6-7000, so my open ports are all 5-digit numbers.

I have a router firewall, but I failed to remember that my DMZ was still active from some tweaking I'd done a long time ago. >.>

Oh..yeah, I never used DMZ. I just forwarded the one or two ports needed for whatever application I needed to open some ports for.

I proceeded to inform a few friends about what had happened, when my stoner buddy spilled the beans.

sounds like it's time to get a new friend too.

sounds like it's time to get a new friend too.
Yeah, you can pick one up pretty cheaply these days ;)

In retrospect, I'm sure you can see the funny side of it. Maybe.

I used to use Norton Firewall (I know, I know), but when I ran some home tests to see how effective it actually was against simple attacks, I found Avast & Kaspersky picked up on and semi-successfully repelled them, whilst Norton just sat around telling me everything was fine. Now for firewalls I'm just using a NAT router & winblows firewall.

I've had a friend steal my password and change it and then proceeded to laugh at me. Needless to say he is no longer my friend. Let's just say these are the kinds of things/situations that he enjoyed.