Author |
Message |
Dewbie
Joined: 15 Apr 2010 Posts: 1779
|
Posted: Fri 01 Feb 2013, 22:25 Post subject:
Yahoo Accounts Hijacked via XSS-Type Attack |
|
From HOTforSecurity:
Quote: | Popular webmail provider Yahoo has been slammed with a new e-mail-based attack that seizes control of victims’ accounts. Bitdefender Labs discovered the ongoing campaign (Jan. 30) and are once again warning users about the dangers of clicking spammy links. |
Details here.
|
Back to top
|
|
 |
Bruce B
Joined: 18 May 2005 Posts: 11488 Location: The Peoples Republic of California
|
Posted: Sat 02 Feb 2013, 05:56 Post subject:
Re: Yahoo Accounts Hijacked via XSS-Type Attack |
|
Dewbie wrote: | From HOTforSecurity:
Quote: | Popular webmail provider Yahoo has been slammed with a new e-mail-based attack that seizes control of victims’ accounts. Bitdefender Labs discovered the ongoing campaign (Jan. 30) and are once again warning users about the dangers of clicking spammy links. |
Details here. |
I suppose if it was Microsoft doing it instead of an unknown, it might be considered something to turn over to PR and spin it as MS serving the user and improving the web experience.
If it were the Government, every byte of information on the Internet belongs to the many elected and appointed individuals anyway, there wouldn't even be a problem. Except the Government can get the information by asking in a way that is hard to refuse, so no need for hacking.
I know you are talking about a crime, but with the examples the individuals in government and big business set for us, what makes it crime? Because paupers are the ones doing it?
By the time President Clinton was done, the very existence of sex in America was in question, depending on how you define it maybe.
As if there isn't enough actual crime in America, the FBI is interested salacious email like this make up:
Subject: Your Talk At Harvard
Dear General Petraeus,
Hearing you speak at Harvard was a real eye-opening experience. I'd like to thank you for giving your time, and sharing your wisdom. I wanted to ask if there was any way I could talk to you further about my research work. Your help would be invaluable.
Best Regards, Paula Broadwell
Hello Ms. Broadwell,
It was my pleasure to speak to you and the rest of those gathered. I would be glad to talk with you further. Perhaps we can set up a time to meet in person, and you can explain to me in more specific terms what you're looking for. Do you like waffles?
Sincerely, Gen. David Petraeus
P.S. And please, call me David.
Hi David,
I do very much like waffles, and please call me Paula. I am very happy you're willing to hear what I have in my mind. I will let your schedule dictate our rendezvous. Just say the word and I'll be there.
Many thanks! Best, Paula.
I know a 21 year-old girl. Her mother spends more time in prison than at home. Her father never seemed to notice or take interest in her or bother with parenting.
Her family has always been whatever gang of kids she hangs out with. How do we expect to turn out?
California Governor Jerry Brown is pardoning people at a slightly slower rate than the People convict them.
One man pardoned tried to use his attorney power and position to get sex off a minor in trouble. He would give her freedom if she would give him sex.
A grandmother convicted of killing her grandson, even after the Supreme Court decisions saying she should be in prison was pardoned by him.
One hundred and forty-nine in two years.
What am I actually wanting to say?
Maybe when corruption is at the top in so many levels, it seems natural to me for their abuse of power and disregard for people filter back down through the ranks.
These days it seems even the Secret Service expects the privilege of stealing services from prostitutes with impunity. Well, maybe not so much as before.
I want to go down on record with this statement: None of this looks like Walton's Mountain to me.
~
_________________ New! Puppy Linux Links Page
|
Back to top
|
|
 |
ETP

Joined: 19 Oct 2010 Posts: 1051 Location: UK
|
Posted: Sat 02 Feb 2013, 06:32 Post subject:
Yahoo Accounts Hijacked via XSS-Type Attack Subject description: Advice |
|
This theft of account data from email servers is becoming more common and I was hit yesterday. There is little you can do to prevent it but you can take steps to alert yourself to it and to minimise the effects.
1. Use a client to access your hotmail account such as Outlook/Thunderbird and restrict the contacts list on the server to only a couple of names. (Ideally only people you know to be tech savvy and likely to recognise spam)
2. Make sure that you include your own email address on the contacts list held on the server. If your account is compromised spam will be sent to everyone on your list and you will immediately be alerted when you appear to send yourself an email.
If you do suffer an attack swiftly change your password and security questions/ answers. Also alert the users on your web based contact list - which will only be a couple of people if you follow this advice.
_________________ Regards ETP
Kennels
|
Back to top
|
|
 |
mini-jaguar
Joined: 13 Nov 2008 Posts: 577
|
Posted: Sat 16 Feb 2013, 10:11 Post subject:
|
|
Yahoo mail has been having security problems since the 1990s, nothing new.
Also, nothing new that some accounts have gotten malware that takes all the people from their friend lists and gives it to sketchy accounts, scammers I suppose, in the messenger.
|
Back to top
|
|
 |
nooby
Joined: 29 Jun 2008 Posts: 10548 Location: SwedenEurope
|
Posted: Sat 16 Feb 2013, 10:21 Post subject:
|
|
Ooops so what other email provider should I use?
Gmail also have been hacked or? hotmail also hacked?
What about http://www.superheromail.com/
would that be for real or a humorous joke?
he writes he is tired of all the big ones and created it
for to get a secure email but that domain name is childish?
_________________ I use Google Search on Puppy Forum
not an ideal solution though
|
Back to top
|
|
 |
GustavoYz

Joined: 07 Jul 2010 Posts: 894 Location: .ar
|
Posted: Sat 16 Feb 2013, 19:22 Post subject:
|
|
There is nothing new on any of that, just a clever phising campaign using a XSS attack against people who click spammy links from unknown senders.
I see no reason to be worried, the e-mail protocol and any decent mail server is quite segure if you don't aloud mime files to be loaded (which should happen by default) and don't click spam links.
_________________

|
Back to top
|
|
 |
Dewbie
Joined: 15 Apr 2010 Posts: 1779
|
Posted: Sun 16 Jun 2013, 21:23 Post subject:
|
|
I just received two more spam-link e-mails from hijacked Yahoo! accounts.
Judging by the sheer volume of complaints, this seems to affect Yahoo! more than others.
British Telecom recently dumped them after numerous complaints from customers.
(Apparently, Yahoo! has other priorities. )
|
Back to top
|
|
 |
|