Loading ...
Sorry, an error occurred while loading the content.

Fwd: [sca-west] Computer virus at 12th night hotel

Expand Messages
  • John Rossignol
    Best check any computer or mobile device you used at 12th Night, just in case. Better safe than sorry. -John ... Subject: [sca-west] Computer virus at 12th
    Message 1 of 4 , Jan 5, 2014
    • 0 Attachment
      Best check any computer or mobile device you used at 12th Night, just in case.  Better safe than sorry.

      -John


      -------- Original Message --------
      Subject:[sca-west] Computer virus at 12th night hotel
      Date:Sun, 5 Jan 2014 21:03:22 -0500 (EST)
      From:kittycrowe@... <kittycrowe@...>
      Reply-To:sca-west@yahoogroups.com
      To:sca-west@yahoogroups.com


      Greetings!

      This message is directed to everyone who attended West Kingdom 12th Night at the Hilton this weekend and used the free computer access in the public areas of the hotel
      (located between hotel reg and the elevator/restaurant lobby) to access their email:

      This weekend while at 12th night, on Saturday I used the computers in the public area of the hotel to check my email. Today (Sunday) when I tried to again access my email there I found my account blocked by my email provider due to "suspicious activity" on my account.

      When I arrived back home I again tried to access my email account from my home computer - and received the same result. I was able to contact my provider by phone and get my account unblocked. When I subsequently was able to access my email I discovered that a large section of my address book had been spammed with a message containing a suspicious link.

      I phoned the hotel and notified them of this. They said that they would let their vendor know about the problem. I have also notified my mailing lists which got spammed with this.

      I advise anyone else who also accessed their email from these computers at the Hilton to check the condition of their email accounts.

      YIS
      Linda-Muireall



    • Cameron deGrey
      Im gonna get on a little soapbox here, please forgive me. Never ever ever ever ever use a public terminal (computer, etc.) to access anything personal ever.
      Message 2 of 4 , Jan 6, 2014
      • 0 Attachment
        Im gonna get on a little soapbox here, please forgive me.

        Never ever ever ever ever use a public terminal (computer, etc.) to access anything personal ever. This means ANYTHING you log into with credentials. UNLESS you have second factor authentication on. Google, eBay, and several others support it. What is second factor authentication? it is either a text message they send to your phone when you try to login in, then you enter the code, or it is a 'token' of some kind (in the form of a device app, or physical keychain etc that generates time based numbers). EVEN THEN, if it is a live attack there are issues that can arise depending on the location of the attacker in the network chain.

        If you can access the terminals, 'hackers' can too. whether it is keystroke loggers, or other malicious software to capture information. It can even be a device inline with the network, or a hardware keystroke logger. Perhaps you bring a thumb drive and plug it in so you can print a picture of lil Billy at the hotel, malware is smart enough to see the drive, spawn to it, and silently wait. The next time you go to grandmas house and plug that drive in to her computer, boom.

        Take this seriously people. If I have your email accounts, I can then go to all your financial sites, etc and reset all your passwords and gain access to (in most peoples cases) everything related to your modern life.

        Hate me if you will for being a 'know-it-all' but really my heart is in the right place. I would really hate to ever hear anyone telling a story about how their identity was stolen. Identity theft can really start with a simple email hack.

        Paranoid? YOU BET! This can ruin your entire life financially! Why not be a LITTLE paranoid. Weigh the consequences of convenience vice security.

        PS NO MATTER HOW GOOD SOMEONE THINKS THEY ARE, OR WHAT A PERSON OR COMPANY MAY CLAIM... the ONLY way to TRULY be sure you are free of viruses and malware, is to restore from a CD,DVD. Once you do that, go online ONLY to perform updates, and update until there are no more updates. Do not check mail, surf anywhere, do anything but update.

        There are really zero day exploits every week. The only one that can protect you, is YOU!

        Ill get off my soapbox now. Sorry for the rant.... :|

        Cameron the Serious


        On Sun, Jan 5, 2014 at 10:15 PM, John Rossignol <giguette@...> wrote:
         

        Best check any computer or mobile device you used at 12th Night, just in case.  Better safe than sorry.

        -John



        -------- Original Message --------
        Subject:[sca-west] Computer virus at 12th night hotel
        Date:Sun, 5 Jan 2014 21:03:22 -0500 (EST)
        From:kittycrowe@... <kittycrowe@...>
        Reply-To:sca-west@yahoogroups.com
        To:sca-west@yahoogroups.com


        Greetings!

        This message is directed to everyone who attended West Kingdom 12th Night at the Hilton this weekend and used the free computer access in the public areas of the hotel
        (located between hotel reg and the elevator/restaurant lobby) to access their email:

        This weekend while at 12th night, on Saturday I used the computers in the public area of the hotel to check my email. Today (Sunday) when I tried to again access my email there I found my account blocked by my email provider due to "suspicious activity" on my account.

        When I arrived back home I again tried to access my email account from my home computer - and received the same result. I was able to contact my provider by phone and get my account unblocked. When I subsequently was able to access my email I discovered that a large section of my address book had been spammed with a message containing a suspicious link.

        I phoned the hotel and notified them of this. They said that they would let their vendor know about the problem. I have also notified my mailing lists which got spammed with this.

        I advise anyone else who also accessed their email from these computers at the Hilton to check the condition of their email accounts.

        YIS
        Linda-Muireall




      • Dame Macha of Mountain Edge (known as the
        Thanks, Cameron - I too am rather paranoid about public Internets (Starbucks, airports, etc). In the past one had hoped that wired hotel Internet accesses
        Message 3 of 4 , Jan 6, 2014
        • 0 Attachment
          Thanks, Cameron - I too am rather paranoid about "public" Internets (Starbucks, airports, etc). In the past one had hoped that wired hotel Internet accesses were safer, but I guess we should worry about those now, even though some hotels charge as much as $15 per day to use them (!).

          However, one usage of hotel lobby terminals that I have still believed to be safe is for printing airline boarding passes (where one only enters the confirmation number and only uses the "public" airline site rather than logging into your account - if any - with the airline).

          Do you believe those also can be easily compromised?

          Macha

          On Jan 6, 2014, at 6:40 AM, Cameron deGrey wrote:

           

          Im gonna get on a little soapbox here, please forgive me.

          Never ever ever ever ever use a public terminal (computer, etc.) to access anything personal ever. This means ANYTHING you log into with credentials. UNLESS you have second factor authentication on. Google, eBay, and several others support it. What is second factor authentication? it is either a text message they send to your phone when you try to login in, then you enter the code, or it is a 'token' of some kind (in the form of a device app, or physical keychain etc that generates time based numbers). EVEN THEN, if it is a live attack there are issues that can arise depending on the location of the attacker in the network chain.

          If you can access the terminals, 'hackers' can too. whether it is keystroke loggers, or other malicious software to capture information. It can even be a device inline with the network, or a hardware keystroke logger. Perhaps you bring a thumb drive and plug it in so you can print a picture of lil Billy at the hotel, malware is smart enough to see the drive, spawn to it, and silently wait. The next time you go to grandmas house and plug that drive in to her computer, boom.

          Take this seriously people. If I have your email accounts, I can then go to all your financial sites, etc and reset all your passwords and gain access to (in most peoples cases) everything related to your modern life.

          Hate me if you will for being a 'know-it-all' but really my heart is in the right place. I would really hate to ever hear anyone telling a story about how their identity was stolen. Identity theft can really start with a simple email hack.

          Paranoid? YOU BET! This can ruin your entire life financially! Why not be a LITTLE paranoid. Weigh the consequences of convenience vice security.

          PS NO MATTER HOW GOOD SOMEONE THINKS THEY ARE, OR WHAT A PERSON OR COMPANY MAY CLAIM... the ONLY way to TRULY be sure you are free of viruses and malware, is to restore from a CD,DVD. Once you do that, go online ONLY to perform updates, and update until there are no more updates. Do not check mail, surf anywhere, do anything but update.

          There are really zero day exploits every week. The only one that can protect you, is YOU!

          Ill get off my soapbox now. Sorry for the rant.... :|

          Cameron the Serious


          On Sun, Jan 5, 2014 at 10:15 PM, John Rossignol <giguette@...> wrote:
           

          Best check any computer or mobile device you used at 12th Night, just in case.  Better safe than sorry.

          -John



          -------- Original Message --------
          Subject:[sca-west] Computer virus at 12th night hotel
          Date:Sun, 5 Jan 2014 21:03:22 -0500 (EST)
          From:kittycrowe@... <kittycrowe@...>
          Reply-To:sca-west@yahoogroups.com
          To:sca-west@yahoogroups.com


          Greetings!

          This message is directed to everyone who attended West Kingdom 12th Night at the Hilton this weekend and used the free computer access in the public areas of the hotel
          (located between hotel reg and the elevator/restaurant lobby) to access their email:

          This weekend while at 12th night, on Saturday I used the computers in the public area of the hotel to check my email. Today (Sunday) when I tried to again access my email there I found my account blocked by my email provider due to "suspicious activity" on my account.

          When I arrived back home I again tried to access my email account from my home computer - and received the same result. I was able to contact my provider by phone and get my account unblocked. When I subsequently was able to access my email I discovered that a large section of my address book had been spammed with a message containing a suspicious link.

          I phoned the hotel and notified them of this. They said that they would let their vendor know about the problem. I have also notified my mailing lists which got spammed with this.

          I advise anyone else who also accessed their email from these computers at the Hilton to check the condition of their email accounts.

          YIS
          Linda-Muireall







        • Cameron deGrey
          sadly, anything from airline terminals, to nuclear controller can be running Windows XP (or the underlying structure of it anyway) As far as airport kiosks,
          Message 4 of 4 , Jan 6, 2014
          • 0 Attachment
            sadly, anything from airline terminals, to nuclear controller can be running Windows XP (or the underlying structure of it anyway) As far as airport kiosks, there isnt much danger of side channel leakage there. The issue really is terminal and or networks you dont trust. 

            If you are on your personal computer, you can be on a public wifi hotspot and the dangers are minimal if you are using SSL. If it is a cert signed by a 'real' trusted authority (Thawte, etc.) I dont expect most people to know about that, but in many browsers you can click the lock in the URL bar and look at the certificate. It will tell you who the cert is for and who 'signed' it. Trey this at work, browse to a secure site, and check the cert. Some companies have installed their own cert and they can act as a 'man int he middle' and read all your traffic even if it is SSL. Buyer beware, your work may be watching you and ruling after ruling has upheld this is ok in the workplace if you are using their networks etc., but you should be warned so you can behave appropriately.

            Happy computing!

            Dont be too paranoid, just enough to be safe :D

            YIS respectfully,
            Lord Cameron de Grey
            Or, on a bend purpure between a wheel of cheese and a squirrel sable, three pheons palewise Or





            On Mon, Jan 6, 2014 at 12:14 PM, Dame Macha of Mountain Edge (known as the Determined) <macha@...> wrote:
             

            Thanks, Cameron - I too am rather paranoid about "public" Internets (Starbucks, airports, etc). In the past one had hoped that wired hotel Internet accesses were safer, but I guess we should worry about those now, even though some hotels charge as much as $15 per day to use them (!).


            However, one usage of hotel lobby terminals that I have still believed to be safe is for printing airline boarding passes (where one only enters the confirmation number and only uses the "public" airline site rather than logging into your account - if any - with the airline).

            Do you believe those also can be easily compromised?

            Macha

            On Jan 6, 2014, at 6:40 AM, Cameron deGrey wrote:

             

            Im gonna get on a little soapbox here, please forgive me.

            Never ever ever ever ever use a public terminal (computer, etc.) to access anything personal ever. This means ANYTHING you log into with credentials. UNLESS you have second factor authentication on. Google, eBay, and several others support it. What is second factor authentication? it is either a text message they send to your phone when you try to login in, then you enter the code, or it is a 'token' of some kind (in the form of a device app, or physical keychain etc that generates time based numbers). EVEN THEN, if it is a live attack there are issues that can arise depending on the location of the attacker in the network chain.

            If you can access the terminals, 'hackers' can too. whether it is keystroke loggers, or other malicious software to capture information. It can even be a device inline with the network, or a hardware keystroke logger. Perhaps you bring a thumb drive and plug it in so you can print a picture of lil Billy at the hotel, malware is smart enough to see the drive, spawn to it, and silently wait. The next time you go to grandmas house and plug that drive in to her computer, boom.

            Take this seriously people. If I have your email accounts, I can then go to all your financial sites, etc and reset all your passwords and gain access to (in most peoples cases) everything related to your modern life.

            Hate me if you will for being a 'know-it-all' but really my heart is in the right place. I would really hate to ever hear anyone telling a story about how their identity was stolen. Identity theft can really start with a simple email hack.

            Paranoid? YOU BET! This can ruin your entire life financially! Why not be a LITTLE paranoid. Weigh the consequences of convenience vice security.

            PS NO MATTER HOW GOOD SOMEONE THINKS THEY ARE, OR WHAT A PERSON OR COMPANY MAY CLAIM... the ONLY way to TRULY be sure you are free of viruses and malware, is to restore from a CD,DVD. Once you do that, go online ONLY to perform updates, and update until there are no more updates. Do not check mail, surf anywhere, do anything but update.

            There are really zero day exploits every week. The only one that can protect you, is YOU!

            Ill get off my soapbox now. Sorry for the rant.... :|

            Cameron the Serious


            On Sun, Jan 5, 2014 at 10:15 PM, John Rossignol <giguette@...> wrote:
             

            Best check any computer or mobile device you used at 12th Night, just in case.  Better safe than sorry.

            -John



            -------- Original Message --------
            Subject:[sca-west] Computer virus at 12th night hotel
            Date:Sun, 5 Jan 2014 21:03:22 -0500 (EST)
            From:kittycrowe@... <kittycrowe@...>
            Reply-To:sca-west@yahoogroups.com
            To:sca-west@yahoogroups.com


            Greetings!

            This message is directed to everyone who attended West Kingdom 12th Night at the Hilton this weekend and used the free computer access in the public areas of the hotel
            (located between hotel reg and the elevator/restaurant lobby) to access their email:

            This weekend while at 12th night, on Saturday I used the computers in the public area of the hotel to check my email. Today (Sunday) when I tried to again access my email there I found my account blocked by my email provider due to "suspicious activity" on my account.

            When I arrived back home I again tried to access my email account from my home computer - and received the same result. I was able to contact my provider by phone and get my account unblocked. When I subsequently was able to access my email I discovered that a large section of my address book had been spammed with a message containing a suspicious link.

            I phoned the hotel and notified them of this. They said that they would let their vendor know about the problem. I have also notified my mailing lists which got spammed with this.

            I advise anyone else who also accessed their email from these computers at the Hilton to check the condition of their email accounts.

            YIS
            Linda-Muireall








          Your message has been successfully submitted and would be delivered to recipients shortly.