Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
6985 posts

Uber Geek
+1 received by user: 338


  Reply # 759602 11-Feb-2013 16:10 Send private message

cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.

Cyril


Although it still goes though the outgoing yahoo servers, as can be seem in the email headers. They probably are just bypassing the webmail interface with their own scripts.



1004 posts

Uber Geek
+1 received by user: 40


  Reply # 759603 11-Feb-2013 16:12 Send private message

cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.


All the headers I've seen indicate that the Yahoo SMTP servers were the ones delivering from victim to recipient.  

Yahoo is/were the ones delivering the spam from their network.  Which indicates that either
 1. they were open relay - unlikely
 2. the attack used the webmail system to send
 3. the attack was able to harvest (or change) username/password and authenticate to the SMTP server
 4. the attack used their own yahoo account to send a joe-job

I'd say 2 or 3 were most likely.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

5935 posts

Uber Geek
+1 received by user: 94

Trusted
Subscriber

  Reply # 759607 11-Feb-2013 16:14 Send private message

ok ok, but essentially it was not processed as usual, so does not appear in your sent folder.

Cyril

243 posts

Master Geek
+1 received by user: 19

Trusted

  Reply # 759608 11-Feb-2013 16:15 Send private message

sleemanj:
cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.


All the headers I've seen indicate that the Yahoo SMTP servers were the ones delivering from victim to recipient.  

Yahoo is/were the ones delivering the spam from their network.  Which indicates that either
 1. they were open relay - unlikely
 2. the attack used the webmail system to send
 3. the attack was able to harvest (or change) username/password and authenticate to the SMTP server
 4. the attack used their own yahoo account to send a joe-job

I'd say 2 or 3 were most likely.



Cyril, Andy, Matt, James, thank you for the explanantions.




Michael Skyrme - Instrumentation & Controls

6892 posts

Uber Geek
+1 received by user: 681

Trusted
Subscriber

  Reply # 759615 11-Feb-2013 16:30 Send private message

We just got a flood of new xtra.co.nz ones and customers have started calling again!

787 posts

Ultimate Geek
+1 received by user: 257


  Reply # 759629 11-Feb-2013 16:58 Send private message

Well done - you're on slashdot... tech.slashdot.org/story/13/02/11/0029201/widespread-compromise-of-yahoo-backed-email-in-new-zealand

236 posts

Master Geek
+1 received by user: 11

Subscriber

  Reply # 759646 11-Feb-2013 17:20 Send private message

The problem is NOT fixed, spam messages from Xtra/Yahoo are still arriving as of 4.30 pm today.  Same type of message.

Just A Geek
1940 posts

Uber Geek
+1 received by user: 310

Trusted
Subscriber

  Reply # 759671 11-Feb-2013 17:59 Send private message

The "incident" has hit slashdot now (The top story) and this thread is linked off it :-) Look out geekzone.

I got /.ed once .. Wasn't very nice :-)




BDFL
49445 posts

Uber Geek
+1 received by user: 4348

Administrator
Trusted
Geekzone
Subscriber

  Reply # 759673 11-Feb-2013 18:01 Send private message

Thanks again to whoever posted the link. And don't worry, /. is not what it used to be...





6985 posts

Uber Geek
+1 received by user: 338


  Reply # 759680 11-Feb-2013 18:12 Send private message

TVNZ has it as one of their top stories, and they said it was now fixed.

5 posts

Wannabe Geek
+1 received by user: 2


  Reply # 759858 12-Feb-2013 05:59 Send private message

They defiantly still have issues, maybe the exploit has been resolved, but plenty of email accounts are still compromised.
MTA's I monitor have been receiving 200+ spam emails an hour all night from Xtra & Yahoo addresses.

74 posts

Master Geek
+1 received by user: 1


  Reply # 759882 12-Feb-2013 08:52 Send private message

I have changed my username password on Yahoo, do I also need to change my username.xadsl password as well.

128 posts

Master Geek
+1 received by user: 3


  Reply # 759886 12-Feb-2013 09:00 Send private message

Looks like round two of the phishing attacks have started.

My parent's business received a call from "Telecom" telling them that they needed to change their broadband and email passwords. Funny thing is that while they're with Telecom their email is on the business platform which I believe is unrelated to Yahoo.

I got a panicked call about it so told them it was likely fake and to ring back Xtra to get confirmation.

If it does turn out true though it will change the hack substantially.

284 posts

Ultimate Geek
+1 received by user: 19


  Reply # 759891 12-Feb-2013 09:07 Send private message

Klathman: Looks like round two of the phishing attacks have started.

My parent's business received a call from "Telecom" telling them that they needed to change their broadband and email passwords. Funny thing is that while they're with Telecom their email is on the business platform which I believe is unrelated to Yahoo.

I got a panicked call about it so told them it was likely fake and to ring back Xtra to get confirmation.

If it does turn out true though it will change the hack substantially.


Thanks for letting us know.  Sounds like people in NZ are getting on the bandwagon maybe?  Guess it reminds everyone not to respond to unsolicited communication.

Hopefully Xtra will be a bit more proactive today in informing all Xtra/ADSL users via the press, emails etc.

1725 posts

Uber Geek
+1 received by user: 324

Trusted
Spark NZ

  Reply # 759920 12-Feb-2013 10:03 Send private message

Hey everyone, sorry I have been MIA yesterday.  Was a tad of a crazy day.

I'll be online a bit more today.

If anyone has any recent spam they got today or late last night ideally could you forward the full email including the headers to our team mailbox [email protected] and I will forward them on.

If you're using a web-mail client you can find some instructions here:

http://telecom.custhelp.com/app/answers/detail/a_id/4019

If you're using a full client such as Outlook or Thunderbird on your computer

http://telecom.custhelp.com/app/answers/detail/a_id/14504

It's still being actively investigated and some recent spam emails including full headers would be extremely useful.





I work for Telecom, but as always my views are my own.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »
Symantec opens new office and expands Security Operations Centre in Sydney
Posted 22-Aug-2014 14:18


Westpac signs five year agreement with IBM
Posted 22-Aug-2014 12:00


Dunedin as an innovation hub
Posted 22-Aug-2014 09:06


When venture capital hurts start-ups
Posted 21-Aug-2014 19:54


Long wait for ARM servers
Posted 21-Aug-2014 19:35


Firefox now or no choice later
Posted 21-Aug-2014 08:41



Trending now »
Hot discussions in our forums right now:

CGA. Is it fair?
Created by BTR, last reply by bazzer on 22-Aug-2014 11:02 (86 replies)
Pages... 4 5 6


Vodafone TV multicast settings on pfSense?
Created by kenkeniff, last reply by TimA on 22-Aug-2014 15:35 (96 replies)
Pages... 5 6 7


Free: Smart Button for your Android device
Created by freitasm, last reply by jeffnz on 22-Aug-2014 15:09 (100 replies)
Pages... 5 6 7


Lightbox press event release
Created by freitasm, last reply by reven on 22-Aug-2014 11:20 (467 replies)
Pages... 30 31 32


It was hardly 'hacking' was it?
Created by CB_24, last reply by gzt on 21-Aug-2014 22:26 (97 replies)
Pages... 5 6 7


How to refresh WinXP
Created by Rickles, last reply by allan on 20-Aug-2014 14:25 (19 replies)
Pages... 2


Vodafone now charging you to receive a bill via post
Created by stocksp, last reply by johnr on 22-Aug-2014 10:03 (82 replies)
Pages... 4 5 6


Car Headunit deals
Created by paulmilbank, last reply by richms on 20-Aug-2014 21:00 (16 replies)
Pages... 2



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.