Loading ...
Sorry, an error occurred while loading the content.

Yahoo Users/Groups Hacked

Expand Messages
  • Art Kocsis
    Followup to chris whyte s post It appears that there may be a major attack on yahoo going on. It may be that yahoo groups itself may have been hacked but
    Message 1 of 11 , Aug 22, 2012
    • 0 Attachment
      Followup to "chris whyte's" "post"

      It appears that there may be a major attack on yahoo going on. It may be
      that yahoo groups itself may have been hacked but more likely a large
      number of yahoo mail users have been hacked and the SPAM/malware(?)
      sent out via to their entire address books.

      I just received a post almost identical to chris' from another yahoo group,
      only the sender and domain was changed - the path was identical. Both
      senders had yahoo.com addresses.

      So, do not open ANYTHING you get from ANY yahoo group or yahoo.com
      address with subject "Unknown". Especially if you view your mail on your
      home computer rather than a web mail viewer. If you really feel the need to
      examine it, write to the sender first and ask him/her if it is legitimate. Do't
      risk your safety. Your anti-virus/anti-spyware protection is not guaranteed
      to be 100% effective.

      Namaste', Art
    • John Shotsky
      You are right about the breach. It was just a few months ago, and it was not well publicized. I think about 450,000 accounts were compromised, and the spam
      Message 2 of 11 , Aug 22, 2012
      • 0 Attachment
        You are right about the breach. It was just a few months ago, and it was not well publicized. I think about 450,000
        accounts were compromised, and the spam began shortly afterwards. Everyone with a Yahoo account should change their
        passwords as a precaution. I think there was a link at one time that you could use to check whether your name was
        involved or not. As I recall, you had to be using one of Yahoo's features that is not all that common.

        Regards,
        John
        RecipeTools Web Site: <http://recipetools.gotdns.com/> http://recipetools.gotdns.com/

        From: ntb-clips@yahoogroups.com [mailto:ntb-clips@yahoogroups.com] On Behalf Of Art Kocsis
        Sent: Wednesday, August 22, 2012 20:35
        To: NoteTab-Clips
        Subject: [Clip] Yahoo Users/Groups Hacked


        Followup to "chris whyte's" "post"

        It appears that there may be a major attack on yahoo going on. It may be
        that yahoo groups itself may have been hacked but more likely a large
        number of yahoo mail users have been hacked and the SPAM/malware(?)
        sent out via to their entire address books.

        I just received a post almost identical to chris' from another yahoo group,
        only the sender and domain was changed - the path was identical. Both
        senders had yahoo.com addresses.

        So, do not open ANYTHING you get from ANY yahoo group or yahoo.com
        address with subject "Unknown". Especially if you view your mail on your
        home computer rather than a web mail viewer. If you really feel the need to
        examine it, write to the sender first and ask him/her if it is legitimate. Do't
        risk your safety. Your anti-virus/anti-spyware protection is not guaranteed
        to be 100% effective.

        Namaste', Art



        [Non-text portions of this message have been removed]
      • Axel Berger
        ... If it s a known and legitimate sender, whose address may have been spoofed, perhaps. Otherwise NEVER reply to spam. All this does is verify your address as
        Message 3 of 11 , Aug 22, 2012
        • 0 Attachment
          Art Kocsis wrote:
          > write to the sender first and ask him/her if it is legitimate.

          If it's a known and legitimate sender, whose address may have been
          spoofed, perhaps. Otherwise NEVER reply to spam. All this does is verify
          your address as extant, valid, and read, which is worth gold to
          compilers of spam lists.

          Apart form that, personally I open everything and run nothing.

          Axel
        • Art Kocsis
          ... Sigh. No matter how careful one tries to be... My suggestion to write to the sender was meant to be in the context of a known (to you) sender. However, in
          Message 4 of 11 , Aug 23, 2012
          • 0 Attachment
            At 8/22/2012 10:42 PM, Axel wrote:
            >Art Kocsis wrote:
            > > write to the sender first and ask him/her if it is legitimate.
            >
            >If it's a known and legitimate sender, whose address may have been
            >spoofed, perhaps. Otherwise NEVER reply to spam. All this does is verify
            >your address as extant, valid, and read, which is worth gold to
            >compilers of spam lists.

            Sigh. No matter how careful one tries to be... My suggestion to write to the
            sender was meant to be in the context of a known (to you) sender. However,
            in rereading my post - gremlin attack! - that proviso wasn't there. Brain fart?
            Senior moment? Alternate universe? In any case, yes, never reply to SPAM.
            Don't even click the "opt out" link as it most likely is just an email
            validator,
            not a true opt out, and multiplies the value of your email address.


            >Apart form that, personally I open everything and run nothing.

            If you open/preview your email in a non-rendering client I would agree with
            you. However, if you open your mail in a client that renders HTML, i.e., if
            you see embedded images or clickable links, then you are validating your
            address to the sender with every web beacon included (1 bit images with
            unique identifying codes) and then you like more SPAM than I do.

            In addition, just the act of opening some messages may be enough to
            trigger an attack. Personally, I preview all of my mail with a non-rendering
            viewer (Mailwasher), while it is still on the server. Any SPAM or malware
            gets deleted immediately before downloading.

            Namaste', Art
          • Adrien Verlee
            ... Thunderbird has the option to go offline (while still online). What about that? -- Adrien
            Message 5 of 11 , Aug 23, 2012
            • 0 Attachment
              Op 23/08/2012 13:00, Art Kocsis schreef:
              > In addition, just the act of opening some messages may be enough to
              > trigger an attack. Personally, I preview all of my mail with a non-rendering
              > viewer (Mailwasher), while it is still on the server. Any SPAM or malware

              Thunderbird has the option to go offline (while still online). What
              about that?

              --
              Adrien
            • John Shotsky
              I found the report about this security breach. I m posting it here for ease of reading, but note how it also may affect other internet email sources. One had
              Message 6 of 11 , Aug 23, 2012
              • 0 Attachment
                I found the report about this security breach. I'm posting it here for ease of reading, but note how it also may affect
                other internet email sources. One had to have been using Yahoo 'voice' to have been exposed.
                http://www.csoonline.com/article/710804/yahoo-security-breach-shocks-experts
                Keep your guard up.

                Regards,
                John
                RecipeTools Web Site: <http://recipetools.gotdns.com/> http://recipetools.gotdns.com/

                From: John Shotsky [mailto:jshotsky@...]
                Sent: Wednesday, August 22, 2012 21:19
                To: 'ntb-clips@yahoogroups.com'
                Subject: RE: [Clip] Yahoo Users/Groups Hacked

                You are right about the breach. It was just a few months ago, and it was not well publicized. I think about 450,000
                accounts were compromised, and the spam began shortly afterwards. Everyone with a Yahoo account should change their
                passwords as a precaution. I think there was a link at one time that you could use to check whether your name was
                involved or not. As I recall, you had to be using one of Yahoo's features that is not all that common.

                Regards,
                John
                RecipeTools Web Site: <http://recipetools.gotdns.com/> http://recipetools.gotdns.com/

                From: ntb-clips@yahoogroups.com [mailto:ntb-clips@yahoogroups.com] On Behalf Of Art Kocsis
                Sent: Wednesday, August 22, 2012 20:35
                To: NoteTab-Clips
                Subject: [Clip] Yahoo Users/Groups Hacked


                Followup to "chris whyte's" "post"

                It appears that there may be a major attack on yahoo going on. It may be
                that yahoo groups itself may have been hacked but more likely a large
                number of yahoo mail users have been hacked and the SPAM/malware(?)
                sent out via to their entire address books.

                I just received a post almost identical to chris' from another yahoo group,
                only the sender and domain was changed - the path was identical. Both
                senders had yahoo.com addresses.

                So, do not open ANYTHING you get from ANY yahoo group or yahoo.com
                address with subject "Unknown". Especially if you view your mail on your
                home computer rather than a web mail viewer. If you really feel the need to
                examine it, write to the sender first and ask him/her if it is legitimate. Do't
                risk your safety. Your anti-virus/anti-spyware protection is not guaranteed
                to be 100% effective.

                Namaste', Art



                [Non-text portions of this message have been removed]
              • brother.gabriel
                Thunderbird also has the ability to disable javascript in email messages, and to forbid the loading of external objects without a click the button to enable
                Message 7 of 11 , Aug 23, 2012
                • 0 Attachment
                  Thunderbird also has the ability to disable javascript in email messages, and to forbid the loading of external objects without a "click the button to enable" permission.

                  --- In ntb-clips@yahoogroups.com, Adrien Verlee <adrien.verlee@...> wrote:
                  >
                  > Op 23/08/2012 13:00, Art Kocsis schreef:
                  > > In addition, just the act of opening some messages may be enough to
                  > > trigger an attack. Personally, I preview all of my mail with a non-rendering
                  > > viewer (Mailwasher), while it is still on the server. Any SPAM or malware
                  >
                  > Thunderbird has the option to go offline (while still online). What
                  > about that?
                  >
                  > --
                  > Adrien
                  >
                • Axel Berger
                  ... Yes, I learnt that in this very group, and have since turned off images, script and CSS. A clickable link as such is harmless, though I always check what
                  Message 8 of 11 , Aug 23, 2012
                  • 0 Attachment
                    Art Kocsis wrote:
                    > i.e., if you see embedded images or clickable links,

                    Yes, I learnt that in this very group, and have since turned off images,
                    script and CSS. A clickable link as such is harmless, though I always
                    check what information it sends out before clicking or pasting it to
                    another browser.

                    > In addition, just the act of opening some messages may be enough to
                    > trigger an attack.

                    Attacks on weaknesses of Netscape 4.8 have become very infrequent - I'm
                    not saying impossible but feel rather safe all the same.

                    Axel
                  • Art Kocsis
                    ... Thanks for the link, John. Storing passwords in plain text is criminal negligence. Maybe if jail time was a potential consequence some of these companies
                    Message 9 of 11 , Aug 23, 2012
                    • 0 Attachment
                      At 8/23/2012 04:44 AM, John wrote:
                      >I found the report about this security breach. I'm posting it here for
                      >ease of reading, but note how it also may affect
                      >other internet email sources. One had to have been using Yahoo 'voice' to
                      >have been exposed.
                      >http://www.csoonline.com/article/710804/yahoo-security-breach-shocks-experts

                      Thanks for the link, John.

                      Storing passwords in plain text is criminal negligence. Maybe if jail time
                      was a potential
                      consequence some of these companies wouldn't be so cavalier with critical
                      data. If
                      security was a priority instead of a passing thought breeches like this
                      would not happen.

                      Yahoo's contention that only "freelance journalists who write content for
                      Yahoo Voices"
                      were affected is a bit suspect. I don't think the person who was hacked
                      from the other
                      group is a writer. I will check it out.

                      Art
                    • Art Kocsis
                      ... Netscape??? No, I don t imagine any bad guys are exploiting Netscape s vulnerabilities anymore. I was thinking of Outlook in particular. It is both popular
                      Message 10 of 11 , Aug 23, 2012
                      • 0 Attachment
                        At 8/23/2012 06:55 AM, Axel wrote:
                        >Art Kocsis wrote:
                        > > In addition, just the act of opening some messages may be enough to
                        > > trigger an attack.
                        >
                        >Attacks on weaknesses of Netscape 4.8 have become very infrequent - I'm
                        >not saying impossible but feel rather safe all the same.

                        Netscape??? No, I don't imagine any bad guys are exploiting Netscape's
                        vulnerabilities anymore. I was thinking of Outlook in particular. It is both
                        popular and full of holes.

                        Art
                      • Don
                        Time to go off topic may I suggest? I ll copy it there.
                        Message 11 of 11 , Aug 24, 2012
                        • 0 Attachment
                          Time to go off topic may I suggest? I'll copy it there.
                        Your message has been successfully submitted and would be delivered to recipients shortly.