Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
7683 posts

Uber Geek
+1 received by user: 440


  Reply # 759602 11-Feb-2013 16:10 Send private message

cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.

Cyril


Although it still goes though the outgoing yahoo servers, as can be seem in the email headers. They probably are just bypassing the webmail interface with their own scripts.



1022 posts

Uber Geek
+1 received by user: 53


  Reply # 759603 11-Feb-2013 16:12 Send private message

cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.


All the headers I've seen indicate that the Yahoo SMTP servers were the ones delivering from victim to recipient.  

Yahoo is/were the ones delivering the spam from their network.  Which indicates that either
 1. they were open relay - unlikely
 2. the attack used the webmail system to send
 3. the attack was able to harvest (or change) username/password and authenticate to the SMTP server
 4. the attack used their own yahoo account to send a joe-job

I'd say 2 or 3 were most likely.





---
James Sleeman

My hobby - listing small amounts of interesting/useful hobby electronic components hardware and stuff on Trademe for cheap, all good geek stuff for the "maker" revolution ;-)

Tip for Trademe addicts: install an addon for your browser to get thumbs for all listings.

5984 posts

Uber Geek
+1 received by user: 118

Trusted
Subscriber

  Reply # 759607 11-Feb-2013 16:14 Send private message

ok ok, but essentially it was not processed as usual, so does not appear in your sent folder.

Cyril

254 posts

Ultimate Geek
+1 received by user: 26

Trusted

  Reply # 759608 11-Feb-2013 16:15 Send private message

sleemanj:
cyril7: Hi Mike, you will not see anything in the sent items folder even on the web interface, your contacts list was harvested by this rouge who then sent the emails outside of the Yahoo system.


All the headers I've seen indicate that the Yahoo SMTP servers were the ones delivering from victim to recipient.  

Yahoo is/were the ones delivering the spam from their network.  Which indicates that either
 1. they were open relay - unlikely
 2. the attack used the webmail system to send
 3. the attack was able to harvest (or change) username/password and authenticate to the SMTP server
 4. the attack used their own yahoo account to send a joe-job

I'd say 2 or 3 were most likely.



Cyril, Andy, Matt, James, thank you for the explanantions.




Michael Skyrme - Instrumentation & Controls

7766 posts

Uber Geek
+1 received by user: 1093

Trusted
Subscriber

  Reply # 759615 11-Feb-2013 16:30 Send private message

We just got a flood of new xtra.co.nz ones and customers have started calling again!

1044 posts

Uber Geek
+1 received by user: 383


  Reply # 759629 11-Feb-2013 16:58 Send private message

Well done - you're on slashdot... tech.slashdot.org/story/13/02/11/0029201/widespread-compromise-of-yahoo-backed-email-in-new-zealand

260 posts

Ultimate Geek
+1 received by user: 20

Subscriber

  Reply # 759646 11-Feb-2013 17:20 Send private message

The problem is NOT fixed, spam messages from Xtra/Yahoo are still arriving as of 4.30 pm today.  Same type of message.

Just A Geek
1954 posts

Uber Geek
+1 received by user: 313

Trusted
Subscriber

  Reply # 759671 11-Feb-2013 17:59 Send private message

The "incident" has hit slashdot now (The top story) and this thread is linked off it :-) Look out geekzone.

I got /.ed once .. Wasn't very nice :-)




BDFL
50827 posts

Uber Geek
+1 received by user: 5170

Administrator
Trusted
Geekzone
Subscriber

  Reply # 759673 11-Feb-2013 18:01 Send private message

Thanks again to whoever posted the link. And don't worry, /. is not what it used to be...





7683 posts

Uber Geek
+1 received by user: 440


  Reply # 759680 11-Feb-2013 18:12 Send private message

TVNZ has it as one of their top stories, and they said it was now fixed.

5 posts

Wannabe Geek
+1 received by user: 2


  Reply # 759858 12-Feb-2013 05:59 Send private message

They defiantly still have issues, maybe the exploit has been resolved, but plenty of email accounts are still compromised.
MTA's I monitor have been receiving 200+ spam emails an hour all night from Xtra & Yahoo addresses.

81 posts

Master Geek
+1 received by user: 1


  Reply # 759882 12-Feb-2013 08:52 Send private message

I have changed my username password on Yahoo, do I also need to change my username.xadsl password as well.

138 posts

Master Geek
+1 received by user: 6


  Reply # 759886 12-Feb-2013 09:00 Send private message

Looks like round two of the phishing attacks have started.

My parent's business received a call from "Telecom" telling them that they needed to change their broadband and email passwords. Funny thing is that while they're with Telecom their email is on the business platform which I believe is unrelated to Yahoo.

I got a panicked call about it so told them it was likely fake and to ring back Xtra to get confirmation.

If it does turn out true though it will change the hack substantially.

309 posts

Ultimate Geek
+1 received by user: 20


  Reply # 759891 12-Feb-2013 09:07 Send private message

Klathman: Looks like round two of the phishing attacks have started.

My parent's business received a call from "Telecom" telling them that they needed to change their broadband and email passwords. Funny thing is that while they're with Telecom their email is on the business platform which I believe is unrelated to Yahoo.

I got a panicked call about it so told them it was likely fake and to ring back Xtra to get confirmation.

If it does turn out true though it will change the hack substantially.


Thanks for letting us know.  Sounds like people in NZ are getting on the bandwagon maybe?  Guess it reminds everyone not to respond to unsolicited communication.

Hopefully Xtra will be a bit more proactive today in informing all Xtra/ADSL users via the press, emails etc.

1949 posts

Uber Geek
+1 received by user: 472
Inactive user


  Reply # 759920 12-Feb-2013 10:03 Send private message

Hey everyone, sorry I have been MIA yesterday.  Was a tad of a crazy day.

I'll be online a bit more today.

If anyone has any recent spam they got today or late last night ideally could you forward the full email including the headers to our team mailbox [email protected] and I will forward them on.

If you're using a web-mail client you can find some instructions here:

http://telecom.custhelp.com/app/answers/detail/a_id/4019

If you're using a full client such as Outlook or Thunderbird on your computer

http://telecom.custhelp.com/app/answers/detail/a_id/14504

It's still being actively investigated and some recent spam emails including full headers would be extremely useful.


1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Am I going down? App for the fearful of flying.
Created by networkn, last reply by Sideface on 29-Jan-2015 23:07 (47 replies)
Pages... 2 3 4


Police Speed Campaign - Summer 2014/2015
Created by nzkiwiman, last reply by scuwp on 31-Jan-2015 22:18 (179 replies)
Pages... 10 11 12


Post your Boat
Created by TimA, last reply by Beccara on 31-Jan-2015 20:40 (38 replies)
Pages... 2 3


Which canon flash?
Created by esawers, last reply by timmmay on 30-Jan-2015 16:15 (19 replies)
Pages... 2


Bad lower back.
Created by TimA, last reply by jimbob79 on 30-Jan-2015 16:01 (77 replies)
Pages... 4 5 6


New to VDSL and wondering if I can change where the modem connects in the house
Created by Valcor, last reply by quickymart on 29-Jan-2015 20:59 (17 replies)
Pages... 2


AdBlockers on Geekzone
Created by freitasm, last reply by wally22 on 29-Jan-2015 09:55 (69 replies)
Pages... 3 4 5


Help recognize big black spider nope
Created by solival, last reply by heylinb4nz on 30-Jan-2015 13:34 (16 replies)
Pages... 2



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.