Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
304 posts

Ultimate Geek
+1 received by user: 20


  Reply # 759329 11-Feb-2013 09:41 Send private message

I havn't used my xtra account for ages but it picked up old addresses I did post in the past.  Have change password.

Header was as follows:

Sat, 9 Feb 2013 23:52:11 +1300 (NZDT)
Received: from nm1.tnz.bullet.mail.aue.yahoo.com (nm1.tnz.bullet.mail.aue.yahoo.com [124.108.96.28])

Received: from [124.108.96.26] by nm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:11 -0000
Received: from [124.108.96.25] by tm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
Received: from [127.0.0.1] by omp1002.tnz.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 21619 invoked by uid 1000); 9 Feb 2013 10:52:10 -0000
Received: from 124.108.96.106 by rel106.mail.aue.yahoo.com with SMTP; Sat, 09 Feb 2013 02:52:10 -0800
Received: (qmail 73535 invoked by uid 60001); 9 Feb 2013 10:52:10 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1360407130; X-YMail-OSG: Y.O6tmwVM1nDkxPPIX_L3lKe9wmc0wWudidGAMNf4FhEXUn
vgJ1lvMGp9EnOEGbHgPyd
Received: from [110.77.148.14] by web96108.mail.aue.yahoo.com via HTTP; Sat, 09 Feb 2013 23:52:10 NZDT
X-Mailer: YahooMailWebService/0.8.132.503
Message-ID: <[email protected]>

I type on computers
516 posts

Ultimate Geek
+1 received by user: 54

Trusted
Subscriber

  Reply # 759331 11-Feb-2013 09:48 Send private message

So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.









7570 posts

Uber Geek
+1 received by user: 1000

Trusted
Subscriber

  Reply # 759332 11-Feb-2013 09:49 Send private message

Peppery: So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.


Our phones are red! I think we are at about 30 calls.

478 posts

Ultimate Geek
+1 received by user: 12

Trusted

  Reply # 759335 11-Feb-2013 10:14 Send private message

quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone your not and as a result obtaining user information passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here ?

Or did I miss something ?





7570 posts

Uber Geek
+1 received by user: 1000

Trusted
Subscriber

  Reply # 759345 11-Feb-2013 10:38 Send private message

Shock:
quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone your not and as a result obtaining user information passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here ?

Or did I miss something ?


Yes. I don't believe it's a phishing issue at all, once passwords are compromised it's not that any longer. Also each account is sending to all it's address book entries etc as well, which also couldn't happen via phishing. Xtra need to own up here. The problem is they will completely over-react and retighten all their security, won't tell anyone what they did, and those of us who support customers using xtra will have to guess what they did so that things work again!

At least that's what's happening in the past.

Awesome
4077 posts

Uber Geek
+1 received by user: 643

Trusted
Subscriber

  Reply # 759353 11-Feb-2013 10:47 Send private message

Yeah people are reporting their accounts have been compromised, but have never even used the Xtra email service they have...

Something (about the official line) doesn't smell right




Twitter: ajobbins

478 posts

Ultimate Geek
+1 received by user: 12

Trusted

  Reply # 759357 11-Feb-2013 10:51 Send private message

Just to not come off as a complete pain to people I know, maybe what I should be saying is that what is being described here is not lining up with what is being reported. Rather than 'spin' which has the negative connotations.

If it is an evolving issue then that's fine but the direction to the non technical folk is worrying as they will think it is something that it is not.

My great concern is that should your account have been compromised then all that personal information stored in the system online is now available even though you thought you were safe.





7570 posts

Uber Geek
+1 received by user: 1000

Trusted
Subscriber

  Reply # 759364 11-Feb-2013 10:51 Send private message

and Another this time from Yahoo!

BDFL
50458 posts

Uber Geek
+1 received by user: 4856

Administrator
Trusted
Geekzone
Subscriber

  Reply # 759365 11-Feb-2013 10:52 Send private message

Yes, you will get the odd one from @yahoo.co.nz but probably not as many as @xtra.co.nz, probably because of the size of the user base.




2532 posts

Uber Geek
+1 received by user: 252

Trusted
Subscriber

  Reply # 759368 11-Feb-2013 10:53 Send private message

plambrechtsen: If anyone is getting any more recent spam messages (i'm looking at you JohnR Smile) not necessarily the bounce back messages which may just be a hangover from mail systems re-trying.

I would be very interested to get copies of the emails and they MUST include the full headers of the emails.

If you're not sure what I am talking about Full Headers then that's ok others have forwarded the spam emails to our team mailbox, but if you do know what I am talking about then please include the full headers from the email and send us an email ort @ telecom.co.nz 

It's still being actively investigated, and it seems from the threads I have seen that some mail servers are still affected.


Received one this morning and forwarded it to you guys.

1199 posts

Uber Geek
+1 received by user: 219

Subscriber

  Reply # 759395 11-Feb-2013 11:50 Send private message

It would appear that its a compromise at the Yahoo end, given its affecting people like me who were never xtra customers, and the spam is being sent from @xgtra, @yahoo.co.nz and @yahoo.com.au addresses, and its bein targeted at peoples contact lists.




1020 posts

Uber Geek
+1 received by user: 46


  Reply # 759399 11-Feb-2013 11:58 Send private message

networkn:  Also each account is sending to all it's address book entries etc as well, which also couldn't happen via phishing.


While I'm not convinced that this is only the XSS phishing attack in play at all, it's not entirely correct to say that a phisher can't get your address book entries.  

I believe that the webmail by Yahoo/Xtra collects address book entries automatically, but in any case, the Yahoo XSS phishing hack from last month allows the attacker access to your webmail (by stealing your cookies) including the addressbook therein.

So yes, if this were the XSS phishing attack in use, they can (and would) send to your address book.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

I type on computers
516 posts

Ultimate Geek
+1 received by user: 54

Trusted
Subscriber

  Reply # 759400 11-Feb-2013 12:01 Send private message

Definitely a Yahoo issue rather than anything specific to Telecom, I've gotten them from @yahoo.com, @yahoo.co.nz and @xtra.co.nz. Just wondering how these are all happening as my boss is rather tech savvy with these sorts of things. (also sent through a couple of the xtra.co.nz ones that came this morning)









933 posts

Ultimate Geek
+1 received by user: 58

Trusted

  Reply # 759401 11-Feb-2013 12:03 Send private message

It's pretty poor that Telecom haven't posted anything about this on their Facebook news feed. I see that people who have written on their timeline asking for information have received some pretty defensive replies along the lines of "this has been discussed already" and referring them to a post some third party made about it that would never have appeared on their news feeds. This is not really what I would expect from Telecom.

256 posts

Ultimate Geek
+1 received by user: 17

Subscriber

  Reply # 759403 11-Feb-2013 12:09 Send private message

Does anyone know where these links lead?  Are they phishing for passwords or is there a payload that is downloaded etc.?

I have a few customers who have clicked the link.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Has Spark (Telecom) locked their iphone 6 ?
Created by anewguy2014, last reply by michaelmurfy on 17-Dec-2014 14:32 (25 replies)
Pages... 2


forgot how to unlock a car door
Created by joker97, last reply by joker97 on 19-Dec-2014 19:10 (49 replies)
Pages... 2 3 4


Police Camera Van Disguise
Created by Reanalyse, last reply by coffeebaron on 19-Dec-2014 21:38 (22 replies)
Pages... 2


In defence of cats
Created by Rikkitic, last reply by DarthKermit on 17-Dec-2014 15:40 (68 replies)
Pages... 3 4 5


Slaughter of Innocents
Created by networkn, last reply by networkn on 19-Dec-2014 17:46 (64 replies)
Pages... 3 4 5


Lightbox launches on PlayStation 4
Created by freitasm, last reply by sultanoswing on 19-Dec-2014 20:56 (39 replies)
Pages... 2 3


How is iParcel these days?
Created by peejayw, last reply by surfisup1000 on 18-Dec-2014 21:45 (19 replies)
Pages... 2


Spray Foam Insulation
Created by AACTech, last reply by timbosan on 19-Dec-2014 16:58 (36 replies)
Pages... 2 3



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.