Loading ...
Sorry, an error occurred while loading the content.
 

Re: [atlas_craftsman] not me...hacking info.

Expand Messages
  • john baird
    Thanks guy s for your support, it s a really horrible feeling, when you think of yourself being responsible for spam being sent all over the world.  Even
    Message 1 of 7 , Jun 14, 2013
    Thanks guy's for your support, it's a really horrible feeling, when you think of yourself
    being responsible for spam being sent all over the world.  Even though I know it happened
    after I turned my machine off at 23:30.
    Anyway I got a helpful email from Mike Nicewonger, and he advised me to look in the Yahoo
    Profile page, for log on activity,
    I have always used the Yahoo Classic mail, white and light blue,  and have never been able
    to access a profile page.
    However, today,  Yahoo have forced me into using the new mail system, white and purple
    screen, and in the top right, is a link to the profile page.
    So sure enough 4 minutes after shutting down my machine, there I am logged on in Brazil 
    shortly followed 50 minutes later by another log on in Columbia.  Thanks Mike, top man.

    So it wouldn't be too hard for someone at Yahoo to spot unusual activity,

    I took a screen shot of the page, and will attach as a pdf, hope this is of some help to
    others.

    I don't know how far away these Countries are, but it takes me more than 4 minutes to walk
    to the nearest bus stop.

    So through the Net it is possible to enter a "time warp"   "it's just a jump to the left,

    and a step to the right"  (Rocky Horror Show)
    And again apologies for taking up bandwidth on non machining subject, and again thanks to

    all those that replied on and off list, quite overwhelming really.
     
    Regards  jb


        From: Old Boats <eezebilt@...>
        To: "7x10minilathe@yahoogroups.com" <7x10minilathe@yahoogroups.com>
        Sent: Thursday, 13 June 2013, 18:09
        Subject: RE: [7x10minilathe] Re: not me



        Some malicious software operates by reading the address file from a machine, and then
    sending out messages to all the harvested adresses, with the 'From' field filled in using
    other names randomly picked from those adresses. The idea is that you are more likely to
    open an email if a friend or aquaintance has apparently sent it.
        This means that your machine doesn't have to be compromised at all. Just some machine
    with your address in its address file getting hit is enough to have messages fired all over
    the net apparently coming from you. It is unlikely that you will ever find out where the
    original infection occurred - it could be on a company's machine from whom you once bought
    something...


    From: "jerdal@..." <jerdal@...>
    To: atlas_craftsman@yahoogroups.com
    Sent: Thursday, 13 June 2013, 4:43
    Subject: Re: [atlas_craftsman] not me...hacking info.

    The problem is that the Yahoos do not allow anything but alphanumeric and a
    VERY short list of other things, like maybe 2 or 4 "punctuation" marks.
    So, no square brackets, etc, which is my favorite method.

    I suppose you can swap several vowels with numbers, or tanspose the word in
    different ways, so you can easily remember that the password is "lathe", but
    using the letters to the right on the keyboard, or the next one in the
    alphabet, which would make it "asyjr", or "obuif".  Alternately it could be
    "-lathe" , etc.  You get the picture.

    The thing about changing passwords is fine, but then you have to remember a
    changing spectrum of unguessable passwords, correctly associated with each
    of the two dozen places that the average person has passwords (whether they
    recall having one or not).  It is not practical.  Who wants to remember
    "hz%$5#w"?  And then remember a dozen others of like nature?

    Better method is to have security levels.  Yes your yahoo account can get
    hacked..... and you might stub your toe, or have a hangnail, too.  None will
    do more than annoy you.  So use your low security standard password, the one
    you use for many otehr things like it.

    "Oh, but then people who guess it can get everywhere"....

    So?  It's low security, therefore the things you used it for are not
    important.  And, the person has to be very "directed", i.e. they must be
    trying to get into all the places that YOU go, not the places that Jon, or
    Rex goes.    Chances are that no "casual hacker" who isn't focused directly
    on YOU will bother to try a password elsewhere.

    For important stuff, use a different one, or several.  But you can cut the
    number of passwords way down by doing this.

    And, "low security" does not mean "easy to guess"....  it means you use it
    for many low importance things, groups, BBS, etc.  Not for bank accounts.

    As for banking, the very best thing you can do is NOT do on-line banking.
    Keep your Quicken accounting program on a computer that has NO internet
    connectivity.  Use your laptop to get what you need while you are at the
    accounting computer.  If you do that, you simply will not get financial
    stuff hacked into without equipment that only the NSA and the chinese are
    likely to have... (read your screen remotely via emitted radiation, etc).
    Even the NSA would approve that security technique.

    JT

    ----- Original Message -----
    From: "Jon Elson" <elson@...>
    To: <atlas_craftsman@yahoogroups.com>
    Sent: Wednesday, June 12, 2013 8:00 PM
    Subject: Re: [atlas_craftsman] not me...hacking info.


    > Yeah, if you have full access to run computer programs on the system,
    > you can hack
    > passwords fairly quickly, although on Unix/Linux systems, the algorithms
    > make it
    > pretty slow.  Not sure what sort of OS Yahoo uses.
    >
    > But, if a hacker is trying one password a day on thousands of different
    > accounts,
    > it is fairly hard to defend against.  In that case, changing them often
    > is good, but
    > using unguessable passwords is better.  A good system is two totally
    > unrelated
    > words and a number.  Something like swifthouse1309 will take a LONG time
    > to guess.  On Uinx/Linux systems, the password is encrypted on the
    > system with
    > a code that is VERY hard to reverse.  So, the system takes the password
    > you
    > supply and encrypts it, and sees if it matches the encrypted PW, using the
    > same computer code as the original PW was encrypted with.  The way you
    > crack this if you can get logged onto the machine, is to make a relentless
    > attack with a dictionary, trying every word in the dictionary.  This gets
    > a lot slower if you have to try logging in over the net.  If the password
    > is not in any dictionary, then the hacking program will never get in.
    >
    > Jon
    >
    >
    > ------------------------------------
    >
    > TO UNSUBSCRIBE FROM THE LIST:
    > You do this yourself by sending a message to:
    > atlas_craftsman-unsubscribe@yahoogroups.com
    >
    > Atlas-Craftsman Projects list is at
    > http://groups.yahoo.com/group/atlas_craftsman_projects/
    >
    > To see or edit your personal settings, view the photos, files or links
    > http://groups.yahoo.com/group/atlas_craftsman/
    >
    > The Atlas-Craftsman Wiki is at
    > http://pico-systems.com/cgi-bin/Atlas-wiki/Atlas.cgi
    > Please submit things you think will be useful to Jon Elson at
    > mailto://elson@...! Groups Links
    >
    >
    >



    ------------------------------------

    TO UNSUBSCRIBE FROM THE LIST:
    You do this yourself by sending a message to:
    atlas_craftsman-unsubscribe@yahoogroups.com

    Atlas-Craftsman Projects list is at http://groups.yahoo.com/group/atlas_craftsman_projects/

    To see or edit your personal settings, view the photos, files or links http://groups.yahoo.com/group/atlas_craftsman/

    The Atlas-Craftsman Wiki is at http://pico-systems.com/cgi-bin/Atlas-wiki/Atlas.cgi
    Please submit things you think will be useful to Jon Elson at mailto://elson@...! Groups Links

    <*> To visit your group on the web, go to:
        http://groups.yahoo.com/group/atlas_craftsman/

    <*> Your email settings:
        Individual Email | Traditional

    <*> To change settings online go to:
        http://groups.yahoo.com/group/atlas_craftsman/join
        (Yahoo! ID required)

    <*> To change settings via email:
        atlas_craftsman-digest@yahoogroups.com
        atlas_craftsman-fullfeatured@yahoogroups.com

    <*> To unsubscribe from this group, send an email to:
        atlas_craftsman-unsubscribe@yahoogroups.com

    <*> Your use of Yahoo! Groups is subject to:
        http://docs.yahoo.com/info/terms/



  • jtiers
    In this case, as usual, the hacker HAD to get into the actual Yahoo account, they couldn t have spoofed the address. So many people have bad passwords, all you
    Message 2 of 7 , Jun 14, 2013
      In this case, as usual, the hacker HAD to get into the actual Yahoo account, they couldn't have spoofed the address.
       
      So many people have bad passwords, all you really have to do is not be one of them.  Then you are more trouble to hack, and chances are better you are OK.  Not guaranteed, there are ways to hack the password list, running it backwards,  if you can get "inside".  I assume that several hacking groups are actually "inside" Yahoo, in the sense that they have cracked-in and can use Yahoo whenever they want to, in any way they want to. (perhaps Yahoo even pays them to let Yahoo stay "up"... it would explain a lot). But a good password is likely to be a big help for most outside hackers.
       
      JT
      ----- Original Message -----
      Sent: Friday, June 14, 2013 6:21 AM
      Subject: Re: [atlas_craftsman] not me...hacking info. [1 Attachment]

      Thanks guy's for your support, it's a really horrible feeling, when you think of yourself
      being responsible for spam being sent all over the world.  Even though I know it happened
      after I turned my machine off at 23:30.
      ....................So sure enough 4 minutes after shutting down my machine, there I am logged on in Brazil 
      shortly followed 50 minutes later by another log on in Columbia.  Thanks Mike, top man.
      Regards  jb


          From: Old Boats <eezebilt@...>
          To: "7x10minilathe@yahoogroups.com" <7x10minilathe@yahoogroups.com>
          Sent: Thursday, 13 June 2013, 18:09
          Subject: RE: [7x10minilathe] Re: not me



          Some malicious software operates by reading the address file from a machine, and then
      sending out messages to all the harvested adresses, with the 'From' field filled in using
      other names randomly picked from those adresses. The idea is that you are more likely to
      open an email if a friend or aquaintance has apparently sent it.
          This means that your machine doesn't have to be compromised at all. Just some machine
      with your address in its address file getting hit is enough to have messages fired all over
      the net apparently coming from you. It is unlikely that you will ever find out where the
      original infection occurred - it could be on a company's machine from whom you once bought
      something...

       
    • outlawmws
      Hacking passwords the hard way is actually not the primary way hacker go after them. it s far easier, faster and profitable to post out too good to be true
      Message 3 of 7 , Jun 15, 2013
        Hacking passwords the hard way is actually not the primary way hacker go after them. it's far easier, faster and profitable to post out "too good to be true" offer/links in various social media, including (especially?) Yahoo groups, and the link get you an keystroke logging program loaded up and then it simply collects password and username info of all types. this gets them yahoo accounts, email, your banking and PayPal info, etc.

        That gets then sold to the highest bidder, and then the real criminals step in...

        If your PW has been hacked, and they have access yo your actual account, you need to go to a DIFFERENT COMPUTER (that you are reasonably certain is clean) and change the passwords, and get the malware off your old computer. (which can take some doing...) best to do this while it is disconnected from the internet. (If you need to load anti-malware SW, get it on another clean machine and onto CD/DVD, and then load, connect to down load ONLY if you must, and then don't use any of you passwords as you will give them away again on the "dirty" machine...

        --- In atlas_craftsman@yahoogroups.com, wbhinkle@... wrote:
        >
        > I have stated this on other Yahoo Groups:
        > Change your "PASSWORD OFTEN" at least every 30 days. Reason why... At a
        > computer group meeting a year or 2 ago a Professor from a local University
        > talked about Hacking and Passwords. He said He had written a program to scan
        > for passwords and it takes less than 4 minutes to determine what your
        > password is. He scanned the club computer and retrived the password in less than
        > 3 minutes. Saving grace is, hackers don't usually use your mined password
        > right away, they sell it and it might be a month or more before someone
        > tries to use it.
        > thanks for listening to my rant.
        > bill hinkle
        > in Midwest USA
        >
        >
        > In a message dated 6/12/2013 12:05:04 P.M. Central Daylight Time,
        > alexandra.leaving@... writes:
        >
        >
        > Sorry guys, It seems my Yahoo Account has been hacked.
        > I don't keep an address book, so it seems to target / use the Yahoo Groups.
        > Tue evening 11 June 2013 at 23:22 I replied to a group, and switched the
        > machine off.
        > At 23:35 messages started to be sent out, in my name to various Yahoo
        > contacts.
        > NOT coming from my machine.
        >
        > Wed morning 10:00 12 June 2013, Switched on,
        > Yahoo had locked my account because of suspicious activity,
        > had to go through verification and reset password and account details.
        >
        > I run real time AVG for anti-virus and anti root-kit,
        > and I run Malware Bytes for malware
        >
      • Dave Hylands
        Well about a year ago, yahoo was hacked and about a half million accounts were stolen. http://www.cnn.com/2012/07/12/tech/web/yahoo-users-hacked There were
        Message 4 of 7 , Jun 15, 2013
          Well about a year ago, yahoo was hacked and about a half million accounts were stolen.
          http://www.cnn.com/2012/07/12/tech/web/yahoo-users-hacked

          There were some other large sites which have been hacked recently as well, where passwords were stolen, and since many people use the same password for everything, lots of yahoo accounts were compromised that way as well.

          Dave Hylands


          On Sat, Jun 15, 2013 at 6:52 AM, outlawmws <outlawmws@...> wrote:
          Hacking passwords the hard way is actually not the primary way hacker go after them.  it's far easier, faster and profitable to post out "too good to be true" offer/links in various social media, including (especially?) Yahoo groups, and the link get you an keystroke logging program loaded up and then it simply collects password and username info of all types. this gets them yahoo accounts, email, your banking and PayPal info, etc.

          That gets then sold to the highest bidder, and then the real criminals step in...

          If your PW has been hacked, and they have access yo your actual account, you need to go to a DIFFERENT COMPUTER (that you are reasonably certain is clean) and change the passwords, and get the malware off your old computer.  (which can take some doing...)  best to do this while it is disconnected from the internet.  (If you need to load anti-malware SW, get it on another clean machine and onto CD/DVD, and then load,  connect to down load ONLY if you must, and then don't use any of you passwords as you will give them away again on the "dirty" machine...

          --- In atlas_craftsman@yahoogroups.com, wbhinkle@... wrote:
          >
          > I have stated this on other Yahoo Groups:
          > Change your "PASSWORD OFTEN" at least every 30 days. Reason why... At a
          > computer group meeting a year or 2 ago a Professor from a local University
          > talked about Hacking and Passwords. He said He had written a program to scan
          > for  passwords and it takes less than 4 minutes to determine what your
          > password is.  He scanned the club computer and retrived the password in less than
          > 3 minutes.  Saving grace is, hackers don't usually use your mined password
          > right away, they  sell it and it might be a month or more before someone
          > tries to use it.
          > thanks for listening to my rant.
          > bill hinkle
          > in Midwest USA
          >
          >
          > In a message dated 6/12/2013 12:05:04 P.M. Central Daylight Time,
          > alexandra.leaving@... writes:
          >
          >
          > Sorry guys, It seems my Yahoo Account has been  hacked.
          > I don't keep an address book, so it seems to target / use the  Yahoo Groups.
          > Tue evening 11 June 2013 at 23:22 I replied to a group,  and switched the
          > machine off.
          > At 23:35 messages started to be sent  out, in my name to various Yahoo
          > contacts.
          > NOT coming from my  machine.
          >
          > Wed morning 10:00 12 June 2013,   Switched  on,
          > Yahoo had locked my account because of suspicious  activity,
          > had to go through verification and reset password and  account details.
          >
          > I run real time AVG for anti-virus and anti  root-kit,
          > and I run Malware Bytes for  malware
        Your message has been successfully submitted and would be delivered to recipients shortly.