Geekzone: technology news, blogs, forums
166 posts

Master Geek


  Reply # 759329 11-Feb-2013 09:41

I haven't used my xtra account for ages but it picked up old addresses I did post in the past. Have changed password.

Header was as follows:

Sat, 9 Feb 2013 23:52:11 +1300 (NZDT)
Received: from nm1.tnz.bullet.mail.aue.yahoo.com (nm1.tnz.bullet.mail.aue.yahoo.com [124.108.96.28])

Received: from [124.108.96.26] by nm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:11 -0000
Received: from [124.108.96.25] by tm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
Received: from [127.0.0.1] by omp1002.tnz.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 779396.10328.bm@omp1002.tnz.mail.aue.yahoo.com
Received: (qmail 21619 invoked by uid 1000); 9 Feb 2013 10:52:10 -0000
Received: from 124.108.96.106 by rel106.mail.aue.yahoo.com with SMTP; Sat, 09 Feb 2013 02:52:10 -0800
Received: (qmail 73535 invoked by uid 60001); 9 Feb 2013 10:52:10 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1360407130; X-YMail-OSG: Y.O6tmwVM1nDkxPPIX_L3lKe9wmc0wWudidGAMNf4FhEXUn
vgJ1lvMGp9EnOEGbHgPyd
Received: from [110.77.148.14] by web96108.mail.aue.yahoo.com via HTTP; Sat, 09 Feb 2013 23:52:10 NZDT
X-Mailer: YahooMailWebService/0.8.132.503
Message-ID: <1360407130.61417.YahooMailNeo@web96108.mail.aue.yahoo.com>
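
Added example (not part of the original post): a short Python sketch that parses the `Received:` lines quoted in the headers above and picks out the hop accepted `via HTTP`, the point where the web96108 host took the message from a client rather than from another mail server. The function names are hypothetical; the header lines are copied from the post.

```python
import ipaddress
import re

# Header lines copied from the post above (newest hop first, as servers prepend them).
HEADERS = """\
Received: from nm1.tnz.bullet.mail.aue.yahoo.com (nm1.tnz.bullet.mail.aue.yahoo.com [124.108.96.28])
Received: from [124.108.96.26] by nm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:11 -0000
Received: from [127.0.0.1] by omp1002.tnz.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
Received: (qmail 21619 invoked by uid 1000); 9 Feb 2013 10:52:10 -0000
Received: from 124.108.96.106 by rel106.mail.aue.yahoo.com with SMTP; Sat, 09 Feb 2013 02:52:10 -0800
Received: from [110.77.148.14] by web96108.mail.aue.yahoo.com via HTTP; Sat, 09 Feb 2013 23:52:10 NZDT
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
PROTO = re.compile(r"\b(?:with|via)\s+(\w+)")


def parse_hops(raw):
    """Split each 'Received: from ...' line into source IP, receiving host and protocol."""
    hops = []
    for line in raw.splitlines():
        if not line.lower().startswith("received: from "):
            continue  # skips qmail bookkeeping lines and non-Received headers
        src, _, rest = line[len("Received: from "):].partition(" by ")
        ip, proto = IPV4.search(src), PROTO.search(rest)
        hops.append({
            "ip": ip.group(1) if ip else None,
            "by": rest.split()[0] if rest else None,
            "proto": proto.group(1).upper() if proto else None,
        })
    return hops


def web_submission(hops):
    """Return the oldest hop accepted over HTTP (a webmail submission), or None."""
    for hop in reversed(hops):  # the oldest hop is at the bottom of the header block
        if hop["proto"] == "HTTP" and hop["ip"]:
            client = ipaddress.ip_address(hop["ip"])
            return {**hop, "client_is_public": client.is_global}
    return None


if __name__ == "__main__":
    for hop in parse_hops(HEADERS):
        print(hop)
    print("webmail submission:", web_submission(parse_hops(HEADERS)))
```

A hop accepted over HTTP from a public address means the message entered through the webmail interface of the account itself, which is why full headers are more useful to investigators than the visible From line.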

275 posts

Ultimate Geek


  Reply # 759331 11-Feb-2013 09:48

So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.




World famous Twitter hacker.

4866 posts

Uber Geek

Trusted
Subscriber

  Reply # 759332 11-Feb-2013 09:49

Peppery: So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.


Our phones are red! I think we are at about 30 calls.

383 posts

Ultimate Geek

Trusted
Subscriber

  Reply # 759335 11-Feb-2013 10:14

quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone you're not and as a result obtaining user information, passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here?

Or did I miss something?





4866 posts

Uber Geek

Trusted
Subscriber

  Reply # 759345 11-Feb-2013 10:38

Shock:
quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone you're not and as a result obtaining user information, passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here?

Or did I miss something?


Yes. I don't believe it's a phishing issue at all, once passwords are compromised it's not that any longer. Also each account is sending to all its address book entries etc as well, which also couldn't happen via phishing. Xtra need to own up here. The problem is they will completely over-react and retighten all their security, won't tell anyone what they did, and those of us who support customers using xtra will have to guess what they did so that things work again!

At least that's what's happened in the past.

Awesome
3090 posts

Uber Geek

Trusted
Subscriber

  Reply # 759353 11-Feb-2013 10:47

Yeah people are reporting their accounts have been compromised, but have never even used the Xtra email service they have...

Something (about the official line) doesn't smell right




Twitter: ajobbins

383 posts

Ultimate Geek

Trusted
Subscriber

  Reply # 759357 11-Feb-2013 10:51

Just to not come off as a complete pain to people I know, maybe what I should be saying is that what is being described here is not lining up with what is being reported. Rather than 'spin' which has the negative connotations.

If it is an evolving issue then that's fine but the direction to the non-technical folk is worrying as they will think it is something that it is not.

My great concern is that should your account have been compromised then all that personal information stored in the system online is now available even though you thought you were safe.





4866 posts

Uber Geek

Trusted
Subscriber

  Reply # 759364 11-Feb-2013 10:51

And another, this time from Yahoo!

BDFL
44250 posts

Uber Geek

Administrator
Trusted
Geekzone
Subscriber

  Reply # 759365 11-Feb-2013 10:52

Yes, you will get the odd one from @yahoo.co.nz but probably not as many as @xtra.co.nz, probably because of the size of the user base.




1962 posts

Uber Geek

Trusted
Subscriber

  Reply # 759368 11-Feb-2013 10:53

plambrechtsen: If anyone is getting any more recent spam messages (I'm looking at you JohnR :) ) not necessarily the bounce back messages which may just be a hangover from mail systems re-trying.

I would be very interested to get copies of the emails and they MUST include the full headers of the emails.

If you're not sure what I am talking about Full Headers then that's ok others have forwarded the spam emails to our team mailbox, but if you do know what I am talking about then please include the full headers from the email and send us an email ort @ telecom.co.nz 

It's still being actively investigated, and it seems from the threads I have seen that some mail servers are still affected.


Received one this morning and forwarded it to you guys.

719 posts

Ultimate Geek

Subscriber

  Reply # 759395 11-Feb-2013 11:50

It would appear that it's a compromise at the Yahoo end, given it's affecting people like me who were never xtra customers, and the spam is being sent from @xtra, @yahoo.co.nz and @yahoo.com.au addresses, and it's being targeted at people's contact lists.




909 posts

Ultimate Geek


  Reply # 759399 11-Feb-2013 11:58

networkn: Also each account is sending to all its address book entries etc as well, which also couldn't happen via phishing.


While I'm not convinced that this is only the XSS phishing attack in play at all, it's not entirely correct to say that a phisher can't get your address book entries.

I believe that the webmail by Yahoo/Xtra collects address book entries automatically, but in any case, the Yahoo XSS phishing hack from last month allows the attacker access to your webmail (by stealing your cookies) including the address book therein.

So yes, if this were the XSS phishing attack in use, they can (and would) send to your address book.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.  

275 posts

Ultimate Geek


  Reply # 759400 11-Feb-2013 12:01

Definitely a Yahoo issue rather than anything specific to Telecom, I've gotten them from @yahoo.com, @yahoo.co.nz and @xtra.co.nz. Just wondering how these are all happening as my boss is rather tech savvy with these sorts of things. (also sent through a couple of the xtra.co.nz ones that came this morning)




World famous Twitter hacker.

690 posts

Ultimate Geek

Trusted

  Reply # 759401 11-Feb-2013 12:03

It's pretty poor that Telecom haven't posted anything about this on their Facebook news feed. I see that people who have written on their timeline asking for information have received some pretty defensive replies along the lines of "this has been discussed already" and referring them to a post some third party made about it that would never have appeared on their news feeds. This is not really what I would expect from Telecom.

184 posts

Master Geek

Subscriber

  Reply # 759403 11-Feb-2013 12:09

Does anyone know where these links lead?  Are they phishing for passwords or is there a payload that is downloaded etc.?

I have a few customers who have clicked the link.
