Re: Hacker Warning

2018-07-15 Thread Michael Hendry
> On 13 Jul 2018, at 16:34, Karlin High wrote:
> 
> On 7/13/2018 10:27 AM, Michael Hendry wrote:
>> I have taken steps to improve the security of my passwords.
> 
> I'd be lost without a password manager. Quite a few to choose from, I can 
> think of 1Password, Dashlane, Encryptr, KeePass, LastPass... various 
> architectures and business models among them.
> 
> Managing many hundreds of unique random passwords used from various locations 
> and devices gets pretty impractical any other way.


PS see: 
https://techcrunch.com/2018/07/12/ransomware-technique-uses-your-real-passwords-to-trick-you/

What is described here is precisely the message I received, with my password 
for a couple of sites replaced by “X”.

If the theory that this has resulted from a corporate break-in is true, it is 
odd that the email arrived on a day when I’d accessed two rarely-used sites 
which shared the same password.

Michael




___
lilypond-user mailing list
lilypond-user@gnu.org
https://lists.gnu.org/mailman/listinfo/lilypond-user


Re: Hacker Warning

2018-07-13 Thread Karlin High

On 7/13/2018 10:27 AM, Michael Hendry wrote:

> I have taken steps to improve the security of my passwords.


I'd be lost without a password manager. Quite a few to choose from, I 
can think of 1Password, Dashlane, Encryptr, KeePass, LastPass... various 
architectures and business models among them.


Managing many hundreds of unique random passwords used from various 
locations and devices gets pretty impractical any other way.

--
Karlin High
Missouri, USA



Re: Hacker Warning

2018-07-13 Thread Joshua Stutter

On 13/07/18 11:40, Michael Hendry wrote:

> I’ve recently received a message from a hacker who told me he knew my password
> (and quoted it correctly)


Michael,

Your e-mail address is listed on https://haveibeenpwned.com/ so it's 
possible they have obtained your details from one of these breaches.


Joshua.



Re: Hacker Warning

2018-07-13 Thread Michael Hendry
> On 13 Jul 2018, at 12:12, Simon Albrecht wrote:
> 
> On 13.07.2018 - 12:42, Michael Hendry wrote:
>> 
>> I’ve recently received a message from a hacker who told me he knew my 
>> password (and quoted it correctly), demanding money in bitcoin for not 
>> forwarding details of my recent visit to a porn website to all my contacts.
>> 
>> I had been using nabble to access the list - I've never accessed a porn 
>> website.
>> 
>> Firefox had warned me that the nabble site wasn’t secure when I logged in.
>> 
>> I’ve deleted my nabble account, hence a couple of my messages to the group 
>> have been deleted.
> 
> They may have been deleted from Nabble, but there are two other independent 
> archives of all posts to the list. One can be found via the link below.
> 
> Also, this isn't the only reason not to use Nabble: for example, it has an 
> idiosyncratic handling of attachments that simply don't appear to many 
> recipients etc.
> 
> Best, Simon

Thanks. I don’t think my contributions will be greatly missed!

Michael


Re: Hacker Warning

2018-07-13 Thread Michael Hendry
> On 13 Jul 2018, at 12:34, David Kastrup wrote:
> 
> Michael Hendry writes:
> 
>> I’ve recently received a message from a hacker who told me he knew my
>> password (and quoted it correctly), demanding money in bitcoin for not
>> forwarding details of my recent visit to a porn website to all my
>> contacts.
> 
> You make it sound like you use only one password for everything.

That was the way the hacker put it - without specifying what site the password 
related to, but I worked backwards from the quoted password.

> A bad
> idea.

Indeed.

I don’t think I had used nabble since 2015, and I did have one other website on 
which I had used the same password - by coincidence, I had accessed both on the 
same afternoon, but the first appeared secure (https:)

> 
>> I had been using nabble to access the list - I've never accessed a
>> porn website.
>> 
>> Firefox had warned me that the rabble site wasn’t secure when I logged
>> in.
> 
> That sounds like spoofing: not actually connecting to the site you think
> you are connecting to.  Misspelled names (i.e., rabble instead of
> nabble) can set oneself up with typo squatters.

Could be. But I used a copied-and-pasted URL to access the nabble site - 
http://lilypond.1069038.n5.nabble.com/Four-Bars-per-Line-System-again-td45952.html

I had copied this URL into a Lilypond file along with David Nalesnik’s 
excellent way of getting a four-bars-to-a-line layout for leadsheets, with 
sufficient flexibility to get (e.g.) the bridge section starting at the 
beginning of a line when the number of bars in the A section wasn’t divisible 
by 4.

I have checked my browser’s history for misspellings and have found none.

> 
>> I’ve deleted my nabble account, hence a couple of my messages to the
>> group have been deleted.
> 
> Deleting your nabble account sounds like pulling off the tractor
> ignition key after the mule has bolted.

Nice image!, but I decided I didn’t need to use nabble any more.

> 
> It doesn't sound like it will do much to address password
> vulnerabilities or spoofing.

I have taken steps to improve the security of my passwords.

Michael





Re: Hacker Warning

2018-07-13 Thread David Kastrup
Michael Hendry writes:

> I’ve recently received a message from a hacker who told me he knew my
> password (and quoted it correctly), demanding money in bitcoin for not
> forwarding details of my recent visit to a porn website to all my
> contacts.

You make it sound like you use only one password for everything.  A bad
idea.

> I had been using nabble to access the list - I've never accessed a
> porn website.
>
> Firefox had warned me that the rabble site wasn’t secure when I logged
> in.

That sounds like spoofing: not actually connecting to the site you think
you are connecting to.  Misspelled names (i.e., rabble instead of
nabble) can set oneself up with typo squatters.

> I’ve deleted my nabble account, hence a couple of my messages to the
> group have been deleted.

Deleting your nabble account sounds like pulling off the tractor
ignition key after the mule has bolted.

It doesn't sound like it will do much to address password
vulnerabilities or spoofing.

-- 
David Kastrup



Re: Hacker Warning

2018-07-13 Thread Simon Albrecht
On 13.07.2018 - 12:42, Michael Hendry wrote:

> I’ve recently received a message from a hacker who told me he knew my 
> password (and quoted it correctly), demanding money in bitcoin for not 
> forwarding details of my recent visit to a porn website to all my contacts.
> 
> I had been using nabble to access the list - I've never accessed a porn 
> website.
> 
> Firefox had warned me that the nabble site wasn’t secure when I logged in.
> 
> I’ve deleted my nabble account, hence a couple of my messages to the group 
> have been deleted.

They may have been deleted from Nabble, but there are two other independent 
archives of all posts to the list. One can be found via the link below.

Also, this isn't the only reason not to use Nabble: for example, it has an 
idiosyncratic handling of attachments that simply don't appear to many 
recipients etc.

Best, Simon





Hacker Warning

2018-07-13 Thread Michael Hendry
I’ve recently received a message from a hacker who told me he knew my password 
(and quoted it correctly), demanding money in bitcoin for not forwarding 
details of my recent visit to a porn website to all my contacts.

I had been using nabble to access the list - I've never accessed a porn website.

Firefox had warned me that the rabble site wasn’t secure when I logged in.

I’ve deleted my nabble account, hence a couple of my messages to the group have 
been deleted.

Michael