Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
304 posts

Ultimate Geek
+1 received by user: 20


  Reply # 759329 11-Feb-2013 09:41 Send private message

I havn't used my xtra account for ages but it picked up old addresses I did post in the past.  Have change password.

Header was as follows:

Sat, 9 Feb 2013 23:52:11 +1300 (NZDT)
Received: from nm1.tnz.bullet.mail.aue.yahoo.com (nm1.tnz.bullet.mail.aue.yahoo.com [124.108.96.28])

Received: from [124.108.96.26] by nm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:11 -0000
Received: from [124.108.96.25] by tm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
Received: from [127.0.0.1] by omp1002.tnz.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 21619 invoked by uid 1000); 9 Feb 2013 10:52:10 -0000
Received: from 124.108.96.106 by rel106.mail.aue.yahoo.com with SMTP; Sat, 09 Feb 2013 02:52:10 -0800
Received: (qmail 73535 invoked by uid 60001); 9 Feb 2013 10:52:10 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1360407130; X-YMail-OSG: Y.O6tmwVM1nDkxPPIX_L3lKe9wmc0wWudidGAMNf4FhEXUn
vgJ1lvMGp9EnOEGbHgPyd
Received: from [110.77.148.14] by web96108.mail.aue.yahoo.com via HTTP; Sat, 09 Feb 2013 23:52:10 NZDT
X-Mailer: YahooMailWebService/0.8.132.503
Message-ID: <[email protected]>

I type on computers
516 posts

Ultimate Geek
+1 received by user: 54

Trusted
Subscriber

  Reply # 759331 11-Feb-2013 09:48 Send private message

So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.









7450 posts

Uber Geek
+1 received by user: 959

Trusted
Subscriber

  Reply # 759332 11-Feb-2013 09:49 Send private message

Peppery: So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.


Our phones are red! I think we are at about 30 calls.

477 posts

Ultimate Geek
+1 received by user: 12

Trusted

  Reply # 759335 11-Feb-2013 10:14 Send private message

quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone your not and as a result obtaining user information passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here ?

Or did I miss something ?





7450 posts

Uber Geek
+1 received by user: 959

Trusted
Subscriber

  Reply # 759345 11-Feb-2013 10:38 Send private message

Shock:
quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone your not and as a result obtaining user information passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here ?

Or did I miss something ?


Yes. I don't believe it's a phishing issue at all, once passwords are compromised it's not that any longer. Also each account is sending to all it's address book entries etc as well, which also couldn't happen via phishing. Xtra need to own up here. The problem is they will completely over-react and retighten all their security, won't tell anyone what they did, and those of us who support customers using xtra will have to guess what they did so that things work again!

At least that's what's happening in the past.

Awesome
4047 posts

Uber Geek
+1 received by user: 591

Trusted
Subscriber

  Reply # 759353 11-Feb-2013 10:47 Send private message

Yeah people are reporting their accounts have been compromised, but have never even used the Xtra email service they have...

Something (about the official line) doesn't smell right




Twitter: ajobbins

477 posts

Ultimate Geek
+1 received by user: 12

Trusted

  Reply # 759357 11-Feb-2013 10:51 Send private message

Just to not come off as a complete pain to people I know, maybe what I should be saying is that what is being described here is not lining up with what is being reported. Rather than 'spin' which has the negative connotations.

If it is an evolving issue then that's fine but the direction to the non technical folk is worrying as they will think it is something that it is not.

My great concern is that should your account have been compromised then all that personal information stored in the system online is now available even though you thought you were safe.





7450 posts

Uber Geek
+1 received by user: 959

Trusted
Subscriber

  Reply # 759364 11-Feb-2013 10:51 Send private message

and Another this time from Yahoo!

BDFL
50214 posts

Uber Geek
+1 received by user: 4749

Administrator
Trusted
Geekzone
Subscriber

  Reply # 759365 11-Feb-2013 10:52 Send private message

Yes, you will get the odd one from @yahoo.co.nz but probably not as many as @xtra.co.nz, probably because of the size of the user base.




2526 posts

Uber Geek
+1 received by user: 249

Trusted
Subscriber

  Reply # 759368 11-Feb-2013 10:53 Send private message

plambrechtsen: If anyone is getting any more recent spam messages (i'm looking at you JohnR Smile) not necessarily the bounce back messages which may just be a hangover from mail systems re-trying.

I would be very interested to get copies of the emails and they MUST include the full headers of the emails.

If you're not sure what I am talking about Full Headers then that's ok others have forwarded the spam emails to our team mailbox, but if you do know what I am talking about then please include the full headers from the email and send us an email ort @ telecom.co.nz 

It's still being actively investigated, and it seems from the threads I have seen that some mail servers are still affected.


Received one this morning and forwarded it to you guys.

1167 posts

Uber Geek
+1 received by user: 209

Subscriber

  Reply # 759395 11-Feb-2013 11:50 Send private message

It would appear that its a compromise at the Yahoo end, given its affecting people like me who were never xtra customers, and the spam is being sent from @xgtra, @yahoo.co.nz and @yahoo.com.au addresses, and its bein targeted at peoples contact lists.




1020 posts

Uber Geek
+1 received by user: 46


  Reply # 759399 11-Feb-2013 11:58 Send private message

networkn:  Also each account is sending to all it's address book entries etc as well, which also couldn't happen via phishing.


While I'm not convinced that this is only the XSS phishing attack in play at all, it's not entirely correct to say that a phisher can't get your address book entries.  

I believe that the webmail by Yahoo/Xtra collects address book entries automatically, but in any case, the Yahoo XSS phishing hack from last month allows the attacker access to your webmail (by stealing your cookies) including the addressbook therein.

So yes, if this were the XSS phishing attack in use, they can (and would) send to your address book.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

I type on computers
516 posts

Ultimate Geek
+1 received by user: 54

Trusted
Subscriber

  Reply # 759400 11-Feb-2013 12:01 Send private message

Definitely a Yahoo issue rather than anything specific to Telecom, I've gotten them from @yahoo.com, @yahoo.co.nz and @xtra.co.nz. Just wondering how these are all happening as my boss is rather tech savvy with these sorts of things. (also sent through a couple of the xtra.co.nz ones that came this morning)









922 posts

Ultimate Geek
+1 received by user: 56

Trusted

  Reply # 759401 11-Feb-2013 12:03 Send private message

It's pretty poor that Telecom haven't posted anything about this on their Facebook news feed. I see that people who have written on their timeline asking for information have received some pretty defensive replies along the lines of "this has been discussed already" and referring them to a post some third party made about it that would never have appeared on their news feeds. This is not really what I would expect from Telecom.

255 posts

Ultimate Geek
+1 received by user: 17

Subscriber

  Reply # 759403 11-Feb-2013 12:09 Send private message

Does anyone know where these links lead?  Are they phishing for passwords or is there a payload that is downloaded etc.?

I have a few customers who have clicked the link.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Gigatown winner town and plans
Created by freitasm, last reply by mdooher on 27-Nov-2014 16:28 (75 replies)
Pages... 3 4 5


My un-consented UFB install
Created by thurthur, last reply by darkasdes2 on 28-Nov-2014 00:00 (54 replies)
Pages... 2 3 4


Click Monday Deals
Created by mrtoken, last reply by Krishant007 on 24-Nov-2014 17:11 (25 replies)
Pages... 2


Gull Employment Dispute.
Created by networkn, last reply by dafman on 27-Nov-2014 14:00 (145 replies)
Pages... 8 9 10


The Warehouse pulling R18 games and DVD's
Created by semigeek, last reply by Geektastic on 27-Nov-2014 18:32 (64 replies)
Pages... 3 4 5


A couple of Lightbox updates...
Created by Lightbox, last reply by NZtechfreak on 27-Nov-2014 22:56 (15 replies)

This is the end ...
Created by joker97, last reply by dickytim on 28-Nov-2014 06:41 (29 replies)
Pages... 2


Spark Fibre Modem with Gigabit Ethernet
Created by Rudder, last reply by plambrechtsen on 27-Nov-2014 11:21 (13 replies)


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.