Re: [Y-Mail] Yahoo Mail Hack Sending Emails With Single Link To Rogue Websites
If you mean the incident where many people found their accounts suddenly
needed to be re-activated, and after doing that their emails were gone,
then I think that was a Yahoo Glitch, and not a consequence of the
emails with rogue links.
Or, at least not related in any direct way.
On 3/7/2013 10:31 AM, CB wrote:
> I can verify I DID NOT CLICK ON ANYTHING (or link) I went online and all
> the emails and folders were gone!!!!!!
> From: Donna Lee <donna74128@...>Only or most? Big difference.
> Why is only affecting Yahoo email accounts too?
> Most of the accounts that have been hacked are those with a Yahoo email!
> If you have a good eye, you'll see the dash & know it's not really aIt gets much worse than inserting a hyphen, or otherwise misspelling a popular site. With the move toward allowing Unicode characters in domain names we could see malicious sites named with characters that look like ASCII (Roman) letters, but aren't.
> youtube link. So yes, taking 2 or 3 seconds to inspect the url is always
"IDN homograph attack"
"Never give a sucker an even break" has never been truer.
> From: Shal Farley <shal@...>3D molecule viewer I sometimes use is Java-based.
> > The weaknesses are not in yahoo, but in Windows, browsers and their plugins
> > (Java, Acrobat, Flash), ...
> > If you use Windows then you are vulnerable, yahoo cannot fix your Windows.
> Or perhaps one of those plug-ins.
> I've evicted Java from my computers -- too many zero-day exploits in
> a row, and I don't know why I had it. That is, nothing I use daily
> has stopped working; no doubt I'll get a reminder eventually.
I use QuickJava add-on for Firefox and keep Java normally turned off.
I also use FlashBlock add-on.
> > I use Unix instead of Windows on my (usual) computer atCurrently for FreeBSD only Flash 11.2r202.273 is available.
> > home, so I could safely experiment.
> If the plug-ins are involved there may be more variables than just
> the OS. The victims may have had an outdated plug-in whereas you no
> doubt keep yours up-to-date, or possible don't use them.
However, exploits can work under Windows only: code written for Windows
can work under another operating system only under an emulator
such as Wine, but Firefox works not under Wine.
> we don't know what percentage of the people who receivedThe numbers (about 10-15% IIRC) are in a couple articles among these:
> and clicked on such links were subsequently exploited.
> All we knowI agree. But under Windows timely updates are not enough because of
> is that it was apparently enough to propagate the problem to others.
> I'd actually expect that people prone to click on rogue links are
> also people prone to ignore updates, but that's just a stereotype in
> my mind.
zero-day exploits (of plugins, browsers and Windows)
and because the felons steal FTP passwords and contaminate
legitimate websites too.
- Only Yahoo emails are the ones being hacked. When I get these type of emails with only a link it is always a Yahoo account. Now the name of the person holding the account is placed in the subject line. I just got one from my brother and he has a Yahoo account.
Donna Ford Lee ♂+♀=♡
Don't cry because it's over,
smile because it happened.
Sent Via My iPhone