Is this a cause for concern? (Possible hack)
 

On our Toshiba laptop running Windows XP I normally lock the computer before going to bed or leaving it for extended periods of time. Last night was no different. I hit "Windows + L" to lock it, and shut the laptop. When I went to log on this evening, it would not bring up the log on (password) screen. When I hit CNTRL+ALT+DEL it said someone was already logged on. What the heck? No one else uses this computer except my wife and I. She hadn't touched it at all. I am hoping that the hibernation feature simply interfered with me hitting Windows + L and just froze things up.

My question is: Is there a way to see if someone from the outside logged on to my network and got in to my computer?

I have a Linksys Wireless router with WEP enabled, etc. I am pretty secure.

Maybe your wife forgot to logoff when she left the computer for you. That can trigger that message to come up. This happened to me last week when a friend used my "guest" account on my computer. When I went to shut it off, it said there were other people using this computer. So I tested it by logging onto the guest account and then switching to my account without logging off and then I went to shut it down and I got the same message.

If that doesnt work, then hopefully someone else knows the answer.

Good idea, but I was last off first on. I know my work PC has a script running that shows just about everything you do on the computer. I just don't know if this one has that same feature, nor do I know where to find it.

I am sure if it was hacked and it was a pro, it will be hard to detect anyway. Hopefully this is all just a scare. :)

did you try the cold shut down? that usually works for me when I get a logon error

I powered it off because it was not responding to anything I was doing. It was just sitting there doing nothing and I got worried that somebody was messing with it so I just held the power button down. After the "reboot" everything is cool.

if that didnt work I would have suggested to run it in safe mode with a F2 or F8 in reboot depending on your comp. then nothing is running but the BIOS!

Right click on My Computer, go to Properties, click Remote. Is "Allow Users To Connect To This Computer" checked?

From the information given, I'd wager that it was just a glitch, but it's hard to tell with Windows. Someone doesn't have to be a pro to hack into a wireless network. With some time and a tool called airsnort, almost anyone can do it with only having minimal knowledge of WEP. Theres also KisMac for mac and whatnot, but it doesn't matter. This is the reason that I have my set router to only accept signals from certain MAC addresses. Can't hack into it as easily if their card has the wrong MAC address can they? Maybe you should look into doing the same just as another security precaution? Good luck, Eric

your computer cannot be "hacked" unless there is a port open AND it has to be activly listening. if your worried about what ports you have open goto run > type cmd > type "netstat -an" this will bring up the list of ports open. (x.x.x.x is the IP followed by a :xxxx which is the port) dont freak out when the list pops up, what your looking for is soemthing that has a local address of 192.168.x.x AND has a foreign address. all ISP block incloding 127.x.x.x. port 80 is HTTP 23 is ftp (i think) 25 is pop mail, 143 is SMTP, 5190 is AIM 1863 is MSN 5050 is Yahoo chat usually "pros" arnt going after just anyone unless you have data they want (company secrets, government info, mass database's of credit card numbers, etc) you're not worth their time and money. its the "script kiddies", the 14 yo zit faced nerds (that are trying to bring down the gibson.. lol sorry couldnt resist the movie refrence) that would be an issue, however if you are patched, and are running AV software your fine.

moral of the story, i think it was a glitch.

(i just took a "network security" (read: hacking class) last semester and had so much fun. our final was a contest to see who could hack 4 servers (2 linux, 1 win2k3 1 win2k) first. the first guy had it in 45 minutes and i was done 15 mins later. this was in a controlled enviroment with no connection to the "real" internet. but in the lab he had DNS, DHCP, web, mail, etc servers set up, so it was a mini-internet.... sorry for such a long post)


*edit* i too have my wireless set up so that not only does it only accept my mac address, it doesnt broadcast the SSID. it would show up if you used a sniffer, but for the average joe driveing down the street, or my neighbors next door, they have no idea i even have wireless. however with Anything, there is ALWAYS a way around. mac address can be spoofed, sniffers, can pull the packets and eventully crack the wep key. WEP is static, its the same key everytime so if you gather enough packets via a sniffer the WEP can be cracked. if your that worried about security set up WPA which is dynamic and there for harder to crack.

Yes, it's checked. Should I disable it?

Thanks to the rest of you for responding with all that good info!

unless you access your computer remotely, when at the office or some other situation where you are using remote desktop. then yes, disable it.

also, another thing to check (just for security purposes) that your administrator account is passworded. when you go to login to your account at the windows startup, if you don't see an account named 'admin', then press crtl+alt+delete twice, and a login dialogue will pop-up. type in the username: administrator, and try to log in with no password, if that doesn't work, try your normal password. if there isn't a password then use control panel to assign one, if there is one.. well it's always good to know what it is, and how to log in as the administrator.

If you don't use it, yes. Even if you do, beware... it's not secure. I never use mine for anything but LAN management. I never remote from a separate location. A little paranoid, but it's just not secure. I wish it was, as I'd use it all the time.

I'll uncheck that box and try the admin thing later. Thanks you guys!