Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
7350 posts

Uber Geek
+1 received by user: 408


  Reply # 759602 11-Feb-2013 16:10 Send private message

cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.

Cyril


Although it still goes though the outgoing yahoo servers, as can be seem in the email headers. They probably are just bypassing the webmail interface with their own scripts.



1017 posts

Uber Geek
+1 received by user: 46


  Reply # 759603 11-Feb-2013 16:12 Send private message

cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.


All the headers I've seen indicate that the Yahoo SMTP servers were the ones delivering from victim to recipient.  

Yahoo is/were the ones delivering the spam from their network.  Which indicates that either
 1. they were open relay - unlikely
 2. the attack used the webmail system to send
 3. the attack was able to harvest (or change) username/password and authenticate to the SMTP server
 4. the attack used their own yahoo account to send a joe-job

I'd say 2 or 3 were most likely.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

5971 posts

Uber Geek
+1 received by user: 109

Trusted
Subscriber

  Reply # 759607 11-Feb-2013 16:14 Send private message

ok ok, but essentially it was not processed as usual, so does not appear in your sent folder.

Cyril

246 posts

Master Geek
+1 received by user: 20

Trusted

  Reply # 759608 11-Feb-2013 16:15 Send private message

sleemanj:
cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.


All the headers I've seen indicate that the Yahoo SMTP servers were the ones delivering from victim to recipient.  

Yahoo is/were the ones delivering the spam from their network.  Which indicates that either
 1. they were open relay - unlikely
 2. the attack used the webmail system to send
 3. the attack was able to harvest (or change) username/password and authenticate to the SMTP server
 4. the attack used their own yahoo account to send a joe-job

I'd say 2 or 3 were most likely.



Cyril, Andy, Matt, James, thank you for the explanantions.




Michael Skyrme - Instrumentation & Controls

7251 posts

Uber Geek
+1 received by user: 895

Trusted
Subscriber

  Reply # 759615 11-Feb-2013 16:30 Send private message

We just got a flood of new xtra.co.nz ones and customers have started calling again!

851 posts

Ultimate Geek
+1 received by user: 305


  Reply # 759629 11-Feb-2013 16:58 Send private message

Well done - you're on slashdot... tech.slashdot.org/story/13/02/11/0029201/widespread-compromise-of-yahoo-backed-email-in-new-zealand

251 posts

Ultimate Geek
+1 received by user: 12

Subscriber

  Reply # 759646 11-Feb-2013 17:20 Send private message

The problem is NOT fixed, spam messages from Xtra/Yahoo are still arriving as of 4.30 pm today.  Same type of message.

Just A Geek
1946 posts

Uber Geek
+1 received by user: 313

Trusted
Subscriber

  Reply # 759671 11-Feb-2013 17:59 Send private message

The "incident" has hit slashdot now (The top story) and this thread is linked off it :-) Look out geekzone.

I got /.ed once .. Wasn't very nice :-)




BDFL
49938 posts

Uber Geek
+1 received by user: 4624

Administrator
Trusted
Geekzone
Subscriber

  Reply # 759673 11-Feb-2013 18:01 Send private message

Thanks again to whoever posted the link. And don't worry, /. is not what it used to be...





7350 posts

Uber Geek
+1 received by user: 408


  Reply # 759680 11-Feb-2013 18:12 Send private message

TVNZ has it as one of their top stories, and they said it was now fixed.

5 posts

Wannabe Geek
+1 received by user: 2


  Reply # 759858 12-Feb-2013 05:59 Send private message

They defiantly still have issues, maybe the exploit has been resolved, but plenty of email accounts are still compromised.
MTA's I monitor have been receiving 200+ spam emails an hour all night from Xtra & Yahoo addresses.

79 posts

Master Geek
+1 received by user: 1


  Reply # 759882 12-Feb-2013 08:52 Send private message

I have changed my username password on Yahoo, do I also need to change my username.xadsl password as well.

138 posts

Master Geek
+1 received by user: 6


  Reply # 759886 12-Feb-2013 09:00 Send private message

Looks like round two of the phishing attacks have started.

My parent's business received a call from "Telecom" telling them that they needed to change their broadband and email passwords. Funny thing is that while they're with Telecom their email is on the business platform which I believe is unrelated to Yahoo.

I got a panicked call about it so told them it was likely fake and to ring back Xtra to get confirmation.

If it does turn out true though it will change the hack substantially.

290 posts

Ultimate Geek
+1 received by user: 19


  Reply # 759891 12-Feb-2013 09:07 Send private message

Klathman: Looks like round two of the phishing attacks have started.

My parent's business received a call from "Telecom" telling them that they needed to change their broadband and email passwords. Funny thing is that while they're with Telecom their email is on the business platform which I believe is unrelated to Yahoo.

I got a panicked call about it so told them it was likely fake and to ring back Xtra to get confirmation.

If it does turn out true though it will change the hack substantially.


Thanks for letting us know.  Sounds like people in NZ are getting on the bandwagon maybe?  Guess it reminds everyone not to respond to unsolicited communication.

Hopefully Xtra will be a bit more proactive today in informing all Xtra/ADSL users via the press, emails etc.

1745 posts

Uber Geek
+1 received by user: 338

Trusted
Spark NZ

  Reply # 759920 12-Feb-2013 10:03 Send private message

Hey everyone, sorry I have been MIA yesterday.  Was a tad of a crazy day.

I'll be online a bit more today.

If anyone has any recent spam they got today or late last night ideally could you forward the full email including the headers to our team mailbox [email protected] and I will forward them on.

If you're using a web-mail client you can find some instructions here:

http://telecom.custhelp.com/app/answers/detail/a_id/4019

If you're using a full client such as Outlook or Thunderbird on your computer

http://telecom.custhelp.com/app/answers/detail/a_id/14504

It's still being actively investigated and some recent spam emails including full headers would be extremely useful.





I work for Spark, but as always my views are my own.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Speed limit when overtaking? Teach me please.
Created by nakedmolerat, last reply by joker97 on 25-Oct-2014 18:18 (86 replies)
Pages... 4 5 6


House Auctions
Created by t0ny, last reply by mattwnz on 25-Oct-2014 00:18 (36 replies)
Pages... 2 3


Neon - Sky's new streaming service
Created by JarrodM, last reply by JimmyH on 25-Oct-2014 17:37 (29 replies)
Pages... 2


VDSL, which router/modem sub $200?
Created by TeaLeaf, last reply by TeaLeaf on 25-Oct-2014 17:53 (25 replies)
Pages... 2


iPad Air 2 and iPad Mini 3. Gonna get one?
Created by Dingbatt, last reply by alasta on 25-Oct-2014 12:30 (114 replies)
Pages... 6 7 8


5Ghz AP recommendations?
Created by ubergeeknz, last reply by sbiddle on 24-Oct-2014 12:42 (12 replies)

Snap have failed our company!
Created by dafman, last reply by kornflake on 23-Oct-2014 17:41 (37 replies)
Pages... 2 3


Thief taunts 12 year old via stolen laptop
Created by macuser, last reply by charsleysa on 22-Oct-2014 23:49 (12 replies)


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.