Windows 8 machine hacked :( How??

[JakeNTech]

Just now, JohnT said:

How can a copy from eBay be legit? I have a feeling I would get similar responses that question my integrity if I do that

 

I have no idea, but it worked for me on several occasions. Running an old and outdated version of windows is still a threat. No matter how hard you try all it takes is for someone to be determined enough to access your files. If you are keeping your system up to date it means that its harder for hackers or virus creators or what you want to call them, to make something to harm your files, and the older viruses would be patched in a windows update. 

Thats why the many companies, including the NHS was a victim of the Wannacry thing. 

[AshleyAshes]

So, in short, you did the Windows equivalent of exposing root access to the computer, to the entire internet, on it's default port, and all they had to do to literally own the system and even saved login in your browsers was to guess they system password?

 

...Don't do that.

[johnt]

5 minutes ago, AshleyAshes said:

So, in short, you did the Windows equivalent of exposing root access to the computer, to the entire internet, on it's default port, and all they had to do to literally own the system and even saved login in your browsers was to guess they system password?

 

...Don't do that.

Not sure I fully understand "own the system and even saved login in your browsers." You still need my credentials (username and password) before RDP will grant you access to the PC.

 

I had no saved passwords in the browser, luckily. 

[AshleyAshes]

Just now, JohnT said:

Not sure I fully understand "own the system and even saved login in your browsers." You still need my credentials (username and password) before RDP will grant you access to the PC.

That was my point. That's all they needed.  A user name and a password.  The thing would just sit there and allow anyone to hit it up and try to log in.  A normal configuration of RDP doesn't even limit the number of login retries.  When I say 'Own' I mean 'Own' as in they are in the system and have total administrative control, 'The keys to the kingdom' and all that.

[johnt]

4 minutes ago, AshleyAshes said:

That was my point. That's all they needed.  A user name and a password.  The thing would just sit there and allow anyone to hit it up and try to log in.  A normal configuration of RDP doesn't even limit the number of login retries.  When I say 'Own' I mean 'Own' as in they are in the system and have total administrative control, 'The keys to the kingdom' and all that.

Oh I see what you mean now. That is correct. RDP does not limit the number of tries. It's just kind of crazy they were able to come up with the combination of my user name and password together. Bastards...

[vanished]

3 hours ago, JohnT said:

Oh I see what you mean now. That is correct. RDP does not limit the number of tries. It's just kind of crazy they were able to come up with the combination of my user name and password together. Bastards...

Who knows how long they were trying for or how many attempts were made per second.  I'm sure if you could see the numbers it wouldn't be so surprising... well, you actually would be surprised but it would be at the scale of the "attack" instead of at the fact it succeeded