Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 19 May 2013, 13:47
All times are UTC - 4

 Forum index » Off-Topic Area » Security
Yahoo Accounts Hijacked via XSS-Type Attack
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
Dewbie

Joined: 15 Apr 2010
Posts: 1412
PostPosted: Fri 01 Feb 2013, 22:25    Post subject:  Yahoo Accounts Hijacked via XSS-Type Attack  
From HOTforSecurity:
Quote:
Popular webmail provider Yahoo has been slammed with a new e-mail-based attack that seizes control of victims’ accounts. Bitdefender Labs discovered the ongoing campaign (Jan. 30) and are once again warning users about the dangers of clicking spammy links.

Details here.
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 10817
Location: The Peoples Republic of California
PostPosted: Sat 02 Feb 2013, 05:56    Post subject: Re: Yahoo Accounts Hijacked via XSS-Type Attack  
Dewbie wrote:
From HOTforSecurity:
Quote:
Popular webmail provider Yahoo has been slammed with a new e-mail-based attack that seizes control of victims’ accounts. Bitdefender Labs discovered the ongoing campaign (Jan. 30) and are once again warning users about the dangers of clicking spammy links.

Details here.


I suppose if it was Microsoft doing it instead of an unknown, it might be considered something to turn over to PR and spin it as MS serving the user and improving the web experience.

If it were the Government, every byte of information on the Internet belongs to the many elected and appointed individuals anyway, there wouldn't even be a problem. Except the Government can get the information by asking in a way that is hard to refuse, so no need for hacking.

I know you are talking about a crime, but with the examples the individuals in government and big business set for us, what makes it crime? Because paupers are the ones doing it?

By the time President Clinton was done, the very existence of sex in America was in question, depending on how you define it maybe.

As if there isn't enough actual crime in America, the FBI is interested salacious email like this make up:

    Subject: Your Talk At Harvard

    Dear General Petraeus,

    Hearing you speak at Harvard was a real eye-opening experience. I'd like to thank you for giving your time, and sharing your wisdom. I wanted to ask if there was any way I could talk to you further about my research work. Your help would be invaluable.

    Best Regards, Paula Broadwell

    Hello Ms. Broadwell,

    It was my pleasure to speak to you and the rest of those gathered. I would be glad to talk with you further. Perhaps we can set up a time to meet in person, and you can explain to me in more specific terms what you're looking for. Do you like waffles?

    Sincerely, Gen. David Petraeus

    P.S. And please, call me David.

    Hi David,

    I do very much like waffles, and please call me Paula. I am very happy you're willing to hear what I have in my mind. I will let your schedule dictate our rendezvous. Just say the word and I'll be there.

    Many thanks! Best, Paula.


I know a 21 year-old girl. Her mother spends more time in prison than at home. Her father never seemed to notice or take interest in her or bother with parenting.

Her family has always been whatever gang of kids she hangs out with. How do we expect to turn out?

California Governor Jerry Brown is pardoning people at a slightly slower rate than the People convict them.

One man pardoned tried to use his attorney power and position to get sex off a minor in trouble. He would give her freedom if she would give him sex.

A grandmother convicted of killing her grandson, even after the Supreme Court decisions saying she should be in prison was pardoned by him.

One hundred and forty-nine in two years.

What am I actually wanting to say?

Maybe when corruption is at the top in so many levels, it seems natural to me for their abuse of power and disregard for people filter back down through the ranks.

These days it seems even the Secret Service expects the privilege of stealing services from prostitutes with impunity. Well, maybe not so much as before.

I want to go down on record with this statement: None of this looks like Walton's Mountain to me.

~
_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
ETP


Joined: 19 Oct 2010
Posts: 306
Location: UK
PostPosted: Sat 02 Feb 2013, 06:32    Post subject: Yahoo Accounts Hijacked via XSS-Type Attack
Subject description: Advice		  
This theft of account data from email servers is becoming more common and I was hit yesterday. There is little you can do to prevent it but you can take steps to alert yourself to it and to minimise the effects.

1. Use a client to access your hotmail account such as Outlook/Thunderbird and restrict the contacts list on the server to only a couple of names. (Ideally only people you know to be tech savvy and likely to recognise spam)

2. Make sure that you include your own email address on the contacts list held on the server. If your account is compromised spam will be sent to everyone on your list and you will immediately be alerted when you appear to send yourself an email.


If you do suffer an attack swiftly change your password and security questions/ answers. Also alert the users on your web based contact list - which will only be a couple of people if you follow this advice.
_________________
Regards ETP
Currently running Slacko 5.3.3 k-3.1.10
(demo with audio--play flash full screen & press F11)
http://megaswf.com/s/2484946 1080p version Oct 2012
Back to top
View user's profile Send private message 
mini-jaguar

Joined: 13 Nov 2008
Posts: 402
PostPosted: Sat 16 Feb 2013, 10:11    Post subject:  
Yahoo mail has been having security problems since the 1990s, nothing new.

Also, nothing new that some accounts have gotten malware that takes all the people from their friend lists and gives it to sketchy accounts, scammers I suppose, in the messenger.
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 9385
Location: SwedenEurope
PostPosted: Sat 16 Feb 2013, 10:21    Post subject:  
Ooops so what other email provider should I use?
Gmail also have been hacked or? hotmail also hacked?

What about http://www.superheromail.com/
would that be for real or a humorous joke?

he writes he is tired of all the big ones and created it
for to get a secure email but that domain name is childish?
_________________

I'm a noob so I use Google Search of Puppy Forum
Back to top
View user's profile Send private message 
GustavoYz


Joined: 07 Jul 2010
Posts: 865
Location: .ar
PostPosted: Sat 16 Feb 2013, 19:22    Post subject:  
There is nothing new on any of that, just a clever phising campaign using a XSS attack against people who click spammy links from unknown senders.

I see no reason to be worried, the e-mail protocol and any decent mail server is quite segure if you don't aloud mime files to be loaded (which should happen by default) and don't click spam links.
_________________
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

[ Time: 0.0564s ][ Queries: 12 (0.0082s) ][ GZIP on ]