Re: Hacker Warning
> On 13 Jul 2018, at 16:34, Karlin High wrote: > > On 7/13/2018 10:27 AM, Michael Hendry wrote: >> I have taken steps to improve the security of my passwords. > > I'd be lost without a password manager. Quite a few to choose from, I can > think of 1Password, Dashlane, Encryptr, KeePass, LastPass... various > architectures and business models among them. > > Managing many hundreds of unique random passwords used from various locations > and devices gets pretty impractical any other way. PS see: https://techcrunch.com/2018/07/12/ransomware-technique-uses-your-real-passwords-to-trick-you/ What is described here is precisely the message I received, with my password for a couple of sites replaced by “X”. If the theory that this has resulted from a corporate break-in is true, it is odd that the email arrived on a day when I’d accessed two rarely-used sites which shared the same password. Michael ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: Hacker Warning
On 7/13/2018 10:27 AM, Michael Hendry wrote: I have taken steps to improve the security of my passwords. I'd be lost without a password manager. Quite a few to choose from, I can think of 1Password, Dashlane, Encryptr, KeePass, LastPass... various architectures and business models among them. Managing many hundreds of unique random passwords used from various locations and devices gets pretty impractical any other way. -- Karlin High Missouri, USA ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: Hacker Warning
On 13/07/18 11:40, Michael Hendry wrote: I’ve recently received a message from a hacker who told me he knew my password (and quoted it correctly) Michael, Your e-mail address is listed on https://haveibeenpwned.com/ so it's possible they have obtained your details from one of these breaches. Joshua. ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: Hacker Warning
> On 13 Jul 2018, at 12:12, Simon Albrecht wrote: > >> On 13.07.2018 - 12:42, Michael Hendry wrote: >> >> >> I’ve recently received a message from a hacker who told me he knew my >> password (and quoted it correctly), demanding money in bitcoin for not >> forwarding details of my recent visit to a porn website to all my contacts. >>> >>> I had been using nabble to access the list - I've never accessed a porn >>> website. >>> >>> Firefox had warned me that the nabble site wasn’t secure when I logged in. >>> >>> I’ve deleted my nabble account, hence a couple of my messages to the group >>> have been deleted. > > They may have been deleted from Nabble, but there are two other independent > archives of all posts to the list. One can be found via the link below. > > Also, this isn't the only reason not to use Nabble: for example, it has an > idiosyncratic handling of attachments that simply don't appear to many > recipients etc. > > Best, Simon > > >>> lilypond-user mailing list >>> lilypond-user@gnu.org >>> https://lists.gnu.org/mailman/listinfo/lilypond-user >> Thanks. I don’t think my contributions will be greatly missed! Michael ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: Hacker Warning
> On 13 Jul 2018, at 12:34, David Kastrup wrote: > > Michael Hendry writes: > >> I’ve recently received a message from a hacker who told me he knew my >> password (and quoted it correctly), demanding money in bitcoin for not >> forwarding details of my recent visit to a porn website to all my >> contacts. > > You make it sound like you use only one password for everything. That was the way the hacker put it - without specifying what site the password related to, but I worked backwards from the quoted password. > A bad > idea. Indeed. I don’t think I had used nabble since 2015, and I did have one other website on which I had used the same password - by coincidence, I had accessed both on the same afternoon, but the first appeared secure (https:) > >> I had been using nabble to access the list - I've never accessed a >> porn website. >> >> Firefox had warned me that the rabble site wasn’t secure when I logged >> in. > > That sounds like spoofing: not actually connecting to the site you think > you are connecting to. Misspelled names (i.e., rabble instead of > nabble) can set oneself up with typo squatters. Could be. But I used a copied-and-pasted URL to access the nabble site - http://lilypond.1069038.n5.nabble.com/Four-Bars-per-Line-System-again-td45952.html I had copied this URL into a Lilypond file along with David Nalesnik’s excellent way of getting a four-bars-to-a-line layout for leadsheets, with sufficient flexibility to get (e.g.) the bridge section starting at the beginning of a line when the number of bars in the A section wasn’t divisible by 4. I have checked my browser’s history for misspellings and have found none. > >> I’ve deleted my nabble account, hence a couple of my messages to the >> group have been deleted. > > Deleting your nabble account sounds like pulling off the tractor > ignition key after the mule has bolted. Nice image!, but I decided I didn’t need to use nabble any more. > > It doesn't sound like it will do much to address password > vulnerabilities or spoofing. I have taken steps to improve the security of my passwords. Michael ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: Hacker Warning
Michael Hendry writes: > I’ve recently received a message from a hacker who told me he knew my > password (and quoted it correctly), demanding money in bitcoin for not > forwarding details of my recent visit to a porn website to all my > contacts. You make it sound like you use only one password for everything. A bad idea. > I had been using nabble to access the list - I've never accessed a > porn website. > > Firefox had warned me that the rabble site wasn’t secure when I logged > in. That sounds like spoofing: not actually connecting to the site you think you are connecting to. Misspelled names (i.e., rabble instead of nabble) can set oneself up with typo squatters. > I’ve deleted my nabble account, hence a couple of my messages to the > group have been deleted. Deleting your nabble account sounds like pulling off the tractor ignition key after the mule has bolted. It doesn't sound like it will do much to address password vulnerabilities or spoofing. -- David Kastrup ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Re: Hacker Warning
> On 13.07.2018 - 12:42, Michael Hendry wrote: > > > I’ve recently received a message from a hacker who told me he knew my > password (and quoted it correctly), demanding money in bitcoin for not > forwarding details of my recent visit to a porn website to all my contacts. >> >> I had been using nabble to access the list - I've never accessed a porn >> website. >> >> Firefox had warned me that the nabble site wasn’t secure when I logged in. >> >> I’ve deleted my nabble account, hence a couple of my messages to the group >> have been deleted. They may have been deleted from Nabble, but there are two other independent archives of all posts to the list. One can be found via the link below. Also, this isn't the only reason not to use Nabble: for example, it has an idiosyncratic handling of attachments that simply don't appear to many recipients etc. Best, Simon >> lilypond-user mailing list >> lilypond-user@gnu.org >> https://lists.gnu.org/mailman/listinfo/lilypond-user > ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
Hacker Warning
I’ve recently received a message from a hacker who told me he knew my password (and quoted it correctly), demanding money in bitcoin for not forwarding details of my recent visit to a porn website to all my contacts. I had been using nabble to access the list - I've never accessed a porn website. Firefox had warned me that the rabble site wasn’t secure when I logged in. I’ve deleted my nabble account, hence a couple of my messages to the group have been deleted. Michael ___ lilypond-user mailing list lilypond-user@gnu.org https://lists.gnu.org/mailman/listinfo/lilypond-user
