Re: [OT] web email acct compromised
On Wed, 28 Dec 2011 21:38:36 +0200, Andrei Popescu wrote:

> On Mi, 28 dec 11, 17:57:55, Camaleón wrote:
>>
>> If the user is logged in with that option set, keeps the session opened
>> and leaves the computer unattended, anyone can start using his account
>> for their own purposes (sending massively e-mails, changing the
>> password...). Having a completely encrypted session in the above
>> situation is useless because the user is already logged.
>
> Most services I know (I just checked on Gmail) don't allow changing the
> password unless you also provide the old password, even if you are
> already logged in.

You're right. I was not aware of it, that's good to know (an extra of
security measures does not hurt anyone):

Changing your password
http://support.google.com/mail/bin/answer.py?hl=en&answer=6567

Greetings,

--
Camaleón

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2011.12.28.21.41...@gmail.com

Re: [OT] web email acct compromised
On 25/12/11 13:47, hvw59601 wrote:

> Hi,
>
> Recently one of my Yahoo accts was compromised. Mail was sent all over
> the place with nonsense, to LDU also.
>
> I don't particularly favor Yahoo and would like to get rid of the acct
> altogether. How?
>
> And how is an account compromised? Why pick on me? FWIW I changed the
> passwd.
>
> Happy Solstice
>
> Hugo

What actually happened? If it was just that people got messages appearing
to come from you, that's not unusual - once someone knows your email
address it is quite easy to fake an email that looks like it came from
you. This can happen without your account having been hacked - it could be
that a friend of yours has a virus on their computer that sent their
address book to a spammer, or as a result of your email address being
publicly available on the web somewhere.

One question is whether the emails sent in your name were to people you
know, or just random addresses?

The reason people do this is usually so that someone else gets the
hassle/blame for their spamming / phishing activities, or in the cases
where they have someone's address book, because someone is more likely to
open an attachment that looks like it comes from a friend. It is most
likely nothing to do with you personally.

If you have definite evidence that someone other than yourself can read
your inbox, or other information that is only available by logging in to
your account, then that's when you need to change your password etc. In
that case, you should probably also contact Yahoo to let them know.

Hope this helps,

andy baxter.

--
Archive: http://lists.debian.org/4efb8b41.6020...@earthsong.free-online.co.uk

Re: [OT] web email acct compromised
On Mi, 28 dec 11, 17:57:55, Camaleón wrote:

>
> If the user is logged in with that option set, keeps the session opened
> and leaves the computer unattended, anyone can start using his account
> for their own purposes (sending massively e-mails, changing the
> password...). Having a completely encrypted session in the above
> situation is useless because the user is already logged.

Most services I know (I just checked on Gmail) don't allow changing the
password unless you also provide the old password, even if you are
already logged in.

Kind regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic

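Added example, not part of the message above or of any service's real code: a minimal sketch of the control Andrei describes, where a logged-in session alone cannot change the password without the current one. The `Accounts` class and its method names are hypothetical, PBKDF2 stands in for whatever hashing a real service uses, and dropping the other sessions after a change goes one step beyond what the message says.

```python
import hashlib
import hmac
import os
import secrets

def _derive(password, salt):
    # PBKDF2 is an assumption here; it stands in for the service's real hashing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Accounts:
    """Toy in-memory account store (hypothetical) with re-authenticated password change."""

    def __init__(self):
        self._creds = {}      # user -> (salt, derived key)
        self._sessions = {}   # session token -> user

    def set_password(self, user, password):
        salt = os.urandom(16)
        self._creds[user] = (salt, _derive(password, salt))

    def _check(self, user, password):
        salt, stored = self._creds[user]
        return hmac.compare_digest(stored, _derive(password, salt))

    def login(self, user, password):
        if user not in self._creds or not self._check(user, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def session_user(self, token):
        return self._sessions.get(token)

    def change_password(self, token, current_password, new_password):
        user = self._sessions.get(token)
        # A valid session is not enough: the caller must prove knowledge of
        # the current password again, so an unattended browser cannot do it.
        if user is None or not self._check(user, current_password):
            return False
        self.set_password(user, new_password)
        # Drop every other session so a borrowed or stolen one stops working.
        self._sessions = {t: u for t, u in self._sessions.items()
                          if u != user or t == token}
        return True
```
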
Re: [OT] web email acct compromised
On Wed, 28 Dec 2011 10:56:45 -0600, green wrote:

> Camaleón wrote at 2011-12-28 10:37 -0600:
>> On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote:
>> > And how is an account compromised? Why pick on me? FWIW I changed the
>> > passwd.
>>
>> Maybe by using a weak password or by leaving your session opened. Try
>> to harden it for the next time and do not use the "remember me" option.
>
> For Gmail, turn on the secure connection option so that the entire
> session is encrypted rather than just the authentication.
>
> http://codebutler.com/firesheep

That will only prevent cases of cookie session stealing, which are not
very usual on wired networks but on wireless environments running on
untrusted networks (like coffee shops, airports...).

If the user is logged in with that option set, keeps the session opened
and leaves the computer unattended, anyone can start using his account
for their own purposes (sending massively e-mails, changing the
password...). Having a completely encrypted session in the above
situation is useless because the user is already logged.

Common sense is often the best defense.

Greetings,

--
Camaleón

--
Archive: http://lists.debian.org/pan.2011.12.28.17.57...@gmail.com

Re: [OT] web email acct compromised
Camaleón wrote at 2011-12-28 10:37 -0600:

> On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote:
> > And how is an account compromised? Why pick on me? FWIW I changed the
> > passwd.
>
> Maybe by using a weak password or by leaving your session opened. Try to
> harden it for the next time and do not use the "remember me" option.

For Gmail, turn on the secure connection option so that the entire
session is encrypted rather than just the authentication.

http://codebutler.com/firesheep

Re: [OT] web email acct compromised
On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote:

> Recently one of my Yahoo accts was compromised. Mail was sent all over
> the place with nonsense, to LDU also.
>
> I don't particularly favor Yahoo and would like to get rid of the acct
> altogether. How?

Open a new account with another company (GMail, etc...)

> And how is an account compromised? Why pick on me? FWIW I changed the
> passwd.

Maybe by using a weak password or by leaving your session opened. Try to
harden it for the next time and do not use the "remember me" option.

Greetings,

--
Camaleón

--
Archive: http://lists.debian.org/pan.2011.12.28.16.37...@gmail.com

Re: [OT] web email acct compromised
On Monday 26 December 2011 14:50:56 hvw59601 wrote:

> T o n g wrote:
> > On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote:
> >> Recently one of my Yahoo accts was compromised. Mail was sent all over
> >> the place with nonsense, to LDU also.
> >>
> >> [. . . ]
> >>
> >> And how is an account compromised?
> >
> > Looks like it's a growing trend to me. One of my friends was hit a while
> > ago as well. Because she is not that tech savvy, I couldn't figure out
> > how it actually happened either. Do you have any clue yourself?
> >
> It's a seldomly used Yahoo! account. It happened once before also with a
> Yahoo! account. AFAIK never with gmail.

I once had a password changed. As far as I could tell, my account had not
yet been used when I noticed and reclaimed the account.

Lisi

--
Archive: http://lists.debian.org/201112261514.26763.lisi.re...@gmail.com

Re: [OT] web email acct compromised
T o n g wrote:

> On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote:
>> Recently one of my Yahoo accts was compromised. Mail was sent all over
>> the place with nonsense, to LDU also.
>>
>> [. . . ]
>>
>> And how is an account compromised?
>
> Looks like it's a growing trend to me. One of my friends was hit a while
> ago as well. Because she is not that tech savvy, I couldn't figure out
> how it actually happened either. Do you have any clue yourself?

It's a seldomly used Yahoo! account. It happened once before also with a
Yahoo! account. AFAIK never with gmail.

Hugo

--
Archive: http://lists.debian.org/jda1kf$tdo$1...@dough.gmane.org

Re: [OT] web email acct compromised
On Sun, 25 Dec 2011 07:47:42 -0600, hvw59601 wrote:

> Recently one of my Yahoo accts was compromised. Mail was sent all over
> the place with nonsense, to LDU also.
> [. . . ]
> And how is an account compromised?

Looks like it's a growing trend to me. One of my friends was hit a while
ago as well. Because she is not that tech savvy, I couldn't figure out
how it actually happened either. Do you have any clue yourself?

Don't worry if you don't. You are not the first victim. While I was
trying to find the reason for her, I found the following,

Am I sending out spam?
http://boards.straightdope.com/sdmb/showthread.php?t=633043

in which the OP says,

"1)I'm ridiculously careful about that kind of stuff and I'm not sure I
could be tricked into it. 2)This is a seldom used account. It's not used
for any social networking sites, I never would have typed in the
username/password anywhere other than on the webmail page and my phone
(it's a POP3 account).. . ."

In other words, it is happening to those who are careful about such
things. So any hints might help.

Judging from her email header, I can tell that the spammer was really
able to get into her account, send email from within the yahoo web mail
interface, to all her contacts, using an Android cell phone through the
YahooMail Mobile phone Web Service.

BTW, the spammer IP address was 117.195.97.137, and the 117.195.96.0/20
address block (117.192.0.0 - 117.207.255.255) belongs to BSNL Internet in
India, according to a whois lookup.

Here is the full email header:

Received: (qmail 62123 invoked by uid 60001); 20 Dec 2011 20:24:45 -
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rogers.com; s=s1024;
 t=1324412685; bh=Uerd3bJ2IEQlAxxINeFmfZ/RbZ1Dqn4BLyX/qf4QVRE=;
 h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-
 Version:Content-Type;
 b=mCaYOO18t1+C9xm1u0Fisd1s9fO5+MR6Mykku0cZMf9smq
 +yg2Qx70hK8mdurk97PTUDW/OsJSnLugzArQQWiApnLVG/t+CIZr
 +IAYdBNwFQXZ1lotAOpW1tGMtcMI6QjtFXZt9gYWOAHVamCYAKq0Vf4meMnfNGk88NisYQgE4=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws; s=s1024; d=rogers.com;
 h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-
 Version:Content-Type;
 b=pT7VarhBYaYQUGmhmthvyP7UjypmjidcaFIJO8yLX4FGZsqHbsy+iazsEfC1bWdo1rC/
 djsMlFv6tuhEoKrzjLJ45sMmDDBuQWIXZpzZjMGw5ILVRsGPrp2OeS/WDTc9pvGS6dTFiU
 +DjbFcWPCIncoOobSNVCSQVFdPmtQ7eKI=;
X-YMail-OSG: JcRxq6EVM1nm3zKFcoOnAtEo23MwEaGh9nAQXyvg7XOo1J.
 tnKPDlwG_SvTEDpG8ylRTyTahWKUtOAxa4.bE_WiHzbvHbRxirSg5d3h.rjL
 LT84eL012aK0Fp835Z_7H0ahfrV6JIOlOJW_9PvPjOKllgMvEOwWbjuoOf8H
 SEUEfWQwcFbK7Oxn39c.APJmVwM5gk5ry77kt1f_pExbC9CS1TzUk_Wrw.su
 R9zfMRzAIcKKW0obEWK7d6BoeKiIhl2o5ndOOePZz7_NEoAvZKmqg5lIPSI9
 gM9jDmHVH8gS1rESp4qTSMukULc6u9d1b02PHCOum0i4g_zG4lUX7yWOIYJ3
 71qJl6YkJKjebVUt5.Ilemt2DxIy9DZ4CYTCB0eY.6itVYj7JeuS2fzvhse1
 s_wuKst.ftWlM7g34z..crd9VRL5vKoZw6SPwWII17p_XKk9mfo.a.FuZ1kW
 n0ovtEqD4ZyFbqCcRMcJjS0wx2CDmDzWx7ftt.KtZSOvl_NIvuGW9JeVK_w.
 WR4Ulzk.XiFfm3UOnBTilXKxSC_bBNubfwpzLKk1foQ--
Received: from [117.195.97.137] by web88605.mail.bf1.yahoo.com via HTTP;
 Tue, 20 Dec 2011 12:24:44 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Message-ID: <1324412684.53494.androidmob...@web88605.mail.bf1.yahoo.com>
Date: Tue, 20 Dec 2011 12:24:44 -0800 (PST)
From: ..
Subject: I DID IT!

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/

--
Archive: http://lists.debian.org/jd83uc$uf2$1...@dough.gmane.org

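Added example, not part of any post in this thread: a small header check that separates the two cases discussed above, a forged sender (andy baxter's message) versus mail really submitted from inside the account through the provider's web interface (Tong's reading of the header). The function names and the `.yahoo.com` suffix test are assumptions, and the second sample is constructed with documentation-only names and addresses.

```python
import ipaddress
import re
from email import message_from_string

# Fields copied from the header quoted in the thread; signature values left out.
COMPROMISED = """\
Received: (qmail 62123 invoked by uid 60001); 20 Dec 2011 20:24:45 -
Received: from [117.195.97.137] by web88605.mail.bf1.yahoo.com via HTTP;
 Tue, 20 Dec 2011 12:24:44 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Date: Tue, 20 Dec 2011 12:24:44 -0800 (PST)
Subject: I DID IT!

"""

# Constructed sample: forged sender relayed by an unrelated host.
SPOOFED = """\
Received: from mail.example.net ([192.0.2.25]) by mx.example.org with SMTP;
 Tue, 20 Dec 2011 12:30:00 -0800
From: victim@example.com
Subject: hello

"""

# Shape of the hop a web front end adds when the message is composed over HTTP.
HTTP_HOP = re.compile(r"from \[(?P<ip>[0-9a-fA-F.:]+)\] by (?P<host>\S+) via HTTP")

def webmail_submission(raw, provider_suffix):
    """Return (client_ip, web_host, x_mailer) when a Received hop says the
    message was submitted over HTTP to a host under provider_suffix, else None.

    Only hops written by servers you trust are evidence; anything a sender
    could have inserted before the first trusted relay proves nothing.
    """
    msg = message_from_string(raw)
    for hop in msg.get_all("Received", []):
        match = HTTP_HOP.search(" ".join(hop.split()))  # undo header folding
        if match and match.group("host").lower().endswith(provider_suffix):
            return (ipaddress.ip_address(match.group("ip")),
                    match.group("host"), msg.get("X-Mailer"))
    return None

def in_block(ip, cidr):
    """True when ip falls inside the given netblock, e.g. one from a whois lookup."""
    return ip in ipaddress.ip_network(cidr)
```

A `None` result only means no provider web hop is visible in the header; it matches the spoofing case but does not prove it.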
Re: [OT] web email acct compromised
Lisi wrote:

> On Sunday 25 December 2011 13:47:42 hvw59601 wrote:
>> Why pick on me?
>
> Why not? These attacks are usually random and rarely ad hominem.

But how does it work? Is the hacker inside of Yahoo or outside of it?

Hugo

--
Archive: http://lists.debian.org/jd7osk$iu5$1...@dough.gmane.org

Re: [OT] web email acct compromised
On Sunday 25 December 2011 13:47:42 hvw59601 wrote:

> Why pick on me?

Why not? These attacks are usually random and rarely ad hominem.

Lisi

--
Archive: http://lists.debian.org/201112251537.06579.lisi.re...@gmail.com