bogus emails looking for money

2010-04-27 Thread Lloyd Kvam
A friend's webmail account (@msn.com) appears to have been hacked. I received a request to wire $1470 to London (UK) to help her out. She was mugged and lost her cash and credit cards. Is there any place to report this sort of email that might actually do some good? I'll start with ab...@msn.co

Re: bogus emails looking for money

2010-04-27 Thread Derek Atkins
Lloyd Kvam writes: > A friend's webmail account (@msn.com) appears to have been hacked. I > received a request to wire $1470 to London (UK) to help her out. She > was mugged and lost her cash and credit cards. > > Is there any place to report this sort of email that might actually do > some goo

Re: bogus emails looking for money

2010-04-27 Thread Joel Burtram
I had a friend with an IDENTICAL story... Stuck in London, she had been robbed and desperately needed money to get home. Turns out her facebook account had been hacked (probably poor password security). Anyway, these guys even went as far as start chatting with me on IM (MSN and FB chat), attemptin

Re: bogus emails looking for money

2010-04-27 Thread Jerry Feldman
On 04/27/2010 12:51 PM, Derek Atkins wrote: > Lloyd Kvam writes: > > >> A friend's webmail account (@msn.com) appears to have been hacked. I >> received a request to wire $1470 to London (UK) to help her out. She >> was mugged and lost her cash and credit cards. >> >> Is there any place to re

Re: bogus emails looking for money

2010-04-27 Thread Lloyd Kvam
On Tue, 2010-04-27 at 12:53 -0400, Joel Burtram wrote: > Keep the group updated on any developments, I'm curious to know if you > get anywhere. I don't think there will be anything much to report. My friend called in. She and her husband were on the phone with Microsoft trying to get the account

Re: bogus emails looking for money

2010-04-27 Thread Ken D'Ambrosio
> I don't think there will be anything much to report. My friend called > in. She and her husband were on the phone with Microsoft trying to get > the account shut down. Unless Microsoft gets in touch with me for more > data on the emails there will be nothing more. Do bear in mind that it's in

Re: bogus emails looking for money

2010-04-27 Thread Ken D'Ambrosio
Wups! Mea culpa -- clearly, that wasn't the case, as the e-mail originated from someone you knew. In which case, it was probably a weak password crack. I, myself, got bitten by that using what *I*, at least, thought was a fairly esoteric password. But my account provider ran the couple-million

Re: bogus emails looking for money

2010-04-27 Thread Benjamin Scott
To echo what others have said: I would suggest: Perform damage control, identify the vulnerability (e.g., weak password, browsing from a public terminal, etc.), take corrective action, and move on. Trying to "catch" the offenders is a hopeless proposition. They're usually impossible to trace

Re: bogus emails looking for money

2010-04-27 Thread Joshua Judson Rosen
Jerry Feldman writes: > > Even worse is the hijacking of from addresses. I'm not sure how to > prevent that. There are some partly technical, partly social things like DKIM that you can deploy on your domains to try to help improve the system as a whole (not your system, *the* system)--some recei

Re: bogus emails looking for money

2010-04-27 Thread Benjamin Scott
On Tue, Apr 27, 2010 at 3:21 PM, Ken D'Ambrosio wrote: > I, myself, got bitten by that using what *I*, at least, > thought was a fairly esoteric password. If you're still using a passWORD on today's Internet, you're already in a very high risk category. Using an English word for a password is

Re: bogus emails looking for money

2010-04-27 Thread Lloyd Kvam
On Tue, 2010-04-27 at 15:17 -0400, Ken D'Ambrosio wrote: > > I don't think there will be anything much to report. My friend called > > in. She and her husband were on the phone with Microsoft trying to get > > the account shut down. Unless Microsoft gets in touch with me for more > > data on the

Re: bogus emails looking for money

2010-04-27 Thread Lloyd Kvam
On Tue, 2010-04-27 at 16:22 -0400, Joshua Judson Rosen wrote: > stop calling it "hijacking"--you wouldn't use that term > for USPS-based mail fraud, because it would mean something completely > different if you did ("someone hijacked my PO box and sent postcards > claiming to be me"). Though in t

Re: bogus emails looking for money

2010-04-28 Thread Jerry Feldman
On 04/27/2010 05:04 PM, Lloyd Kvam wrote: > On Tue, 2010-04-27 at 16:22 -0400, Joshua Judson Rosen wrote: > >> stop calling it "hijacking"--you wouldn't use that term >> for USPS-based mail fraud, because it would mean something completely >> different if you did ("someone hijacked my PO box and

Password Card (was: Re: bogus emails looking for money)

2010-04-27 Thread Chip Marshall
On 27-Apr-2010, Joel Burtram sent: > Turns out her facebook account had been hacked (probably poor > password security). Speaking of password security, I saw this on some RSS feed the other day: http://passwordcard.org/ Seems like an interesting idea, at least a step up from the classic password

Re: Password Card (was: Re: bogus emails looking for money)

2010-04-27 Thread Tom Buskey
On Tue, Apr 27, 2010 at 1:37 PM, Chip Marshall wrote: > On 27-Apr-2010, Joel Burtram sent: > > Turns out her facebook account had been hacked (probably poor > > password security). > > Speaking of password security, I saw this on some RSS feed the > other day: http://passwordcard.org/ > > Seems

Re: Authentication on the Internet (bogus emails looking for money)

2010-04-27 Thread Lloyd Kvam
On Tue, 2010-04-27 at 16:22 -0400, Benjamin Scott wrote: > If you're still using a passWORD on today's Internet, you're already > in a very high risk category. Using an English word for a password is > supposed to be roughly equivalent to using "12 bit encryption" or > something like that. > >

Re: Authentication on the Internet (bogus emails looking for money)

2010-04-27 Thread Alan Johnson
On Tue, Apr 27, 2010 at 5:26 PM, Lloyd Kvam wrote: > Do you think it is hopeless trying to educate users to import a > certificate and protect it with a pass phrase? > Yes, see #5: http://www.ranum.com/security/computer_security/editorials/dumb/ However, that's not to say you can't offer them op

Re: Authentication on the Internet (bogus emails looking for money)

2010-04-27 Thread Benjamin Scott
On Tue, Apr 27, 2010 at 5:26 PM, Lloyd Kvam wrote: > Has anyone here tried to use certificates or public-keys to control > access? Yes. A few of our customers at $WORK do this. (Of course, they usually email us the private key without any transport protection, but hey, you didn't ask about ke

Re: Authentication on the Internet (bogus emails looking for money)

2010-04-27 Thread Benjamin Scott
On Tue, Apr 27, 2010 at 5:51 PM, Alan Johnson wrote: > Personally, I like the open id concept.  Assuming you have a secure > provider, and a secure password/cert with them ... So, it fails on both counts, then. HHOS. Large-scale SSO systems scare me because if the SSO host is compromised, t