6126 posts

Uber Geek
+1 received by user: 213


  Reply # 944819 3-Dec-2013 15:37

DigiDog:
mattwnz: I don't think you should need to change your password regularly either, if it is a strong one with upper and lower case characters and numbers.

I agree that Yahoo shouldn't be allowing these hacks to continue and that Xtra need to step up to the plate and ideally sever ties with them. But no matter how strong your password may be, if the bad guys have a copy then you're buggered and changing your password is essential and urgent.


I think they need to tell people not to use the password for anything else, as if they are getting access to your password via Yahoo's system, they could access everything else that uses that password too. My old password is also used for my Telecom broadband connection/MyTelecom, as it was my primary Xtra email account, but I haven't changed that (yet). They haven't told customers (yet) if they need to change that too, as I suspect many people will use the same passwords in order to remember them.
My password was pretty difficult anyway, so I wonder if changing it to something even harder is going to make any difference. I wasn't affected by the last hack earlier in the year, only this one.

340 posts

Ultimate Geek
+1 received by user: 51


  Reply # 944822 3-Dec-2013 15:46

It'd be interesting to see whether the malicious logins are infected computers/botnet, masking the identities of the real hackers. My money would suspect so.

6126 posts

Uber Geek
+1 received by user: 213


  Reply # 944823 3-Dec-2013 15:49

k1wi: It'd be interesting to see whether the malicious logins are infected computers/botnet, masking the identities of the real hackers. My money would suspect so.


The problem is the lack of information. People can only speculate. The Telecom website says very little.

234 posts

Master Geek
+1 received by user: 24

Subscriber

  Reply # 944842 3-Dec-2013 16:22

mattwnz:
DigiDog:
mattwnz: I don't think you should need to change your password regularly either, if it is a strong one with upper and lower case characters and numbers.

I agree that Yahoo shouldn't be allowing these hacks to continue and that Xtra need to step up to the plate and ideally sever ties with them. But no matter how strong your password may be, if the bad guys have a copy then you're buggered and changing your password is essential and urgent.


I think they need to tell people not to use the password for anything else, as if they are getting access to your password via Yahoo's system, they could access everything else that uses that password too. My old password is also used for my Telecom broadband connection/MyTelecom, as it was my primary Xtra email account, but I haven't changed that (yet). They haven't told customers (yet) if they need to change that too, as I suspect many people will use the same passwords in order to remember them.
My password was pretty difficult anyway, so I wonder if changing it to something even harder is going to make any difference. I wasn't affected by the last hack earlier in the year, only this one.

It depends on how the hack is done. If the hackers have managed to compromise Yahoo backend systems and if they have been able to get hold of the hash of your password then it doesn't really matter how big or long it is, as they have got a copy of it and can use it using a different type of attack.
I have just been through the process of changing almost all of my passwords so that every password for every site and every login and every customer is different. Like most people I do not have an absolutely fantastic brain for remembering the 200 300 passwords I need, so I'm using keepsafe, an open source product that works off a pen drive and uses two systems of authentication. I now have a key on a pen drive and I now have a password, and together they allow my password file to be opened and used. My password has now gone beyond the 12 character range and is using uppercase, lowercase, symbols, blah blah blah blah blah.
On a Linux system you can implement iptables rules that say if you have had 3 failed attempts at a password then you are locked out for a minute. This means that dictionary attacks and similar will fail because it takes way too long at 3 attempts per minute. We also been ssh and similar connections exit from very specific locations. We have explicitly excluded logins from lots of dodgy places. My apologies to Georgia, Ukraine, Armenia, Greece, Afghanistan, Nedlands etc. etc. but we have banned you from logging into a service. The only alternative to that is VPN or very specific exemptions for very specific customers.




nunz
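
The lockout described in the post above, written out as iptables rules. This is an added example, not part of the original post: the port, the INPUT chain and the list name SSH_TRY are assumptions, and the `recent` match counts new connections per source address rather than failed passwords.

```shell
#!/bin/sh
# Added example: print iptables rules that throttle new SSH connections
# per source IP. Assumed names (not from the post): chain INPUT, list SSH_TRY.
# The rules are only printed; review them, then run them as root to apply.

# ssh_throttle_rules [PORT] [HITS] [SECONDS]
#   HITS new connections are allowed per SECONDS window; the next one is dropped.
ssh_throttle_rules() {
    port=${1:-22}; hits=${2:-3}; secs=${3:-60}

    # Accept plain positive integers only, so the generated commands
    # can never carry shell metacharacters from a caller's input.
    for v in "$port" "$hits" "$secs"; do
        case $v in
            ''|*[!0-9]*|0*) echo "invalid value: $v" >&2; return 1 ;;
        esac
    done
    [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 1; }

    # The --set rule records every new connection, so the drop rule has to
    # trigger on HITS + 1 for HITS attempts to get through.
    block_at=$((hits + 1))
    m="-p tcp --dport $port -m conntrack --ctstate NEW -m recent --name SSH_TRY"

    # 1) Remember the source address of each new connection.
    echo "iptables -A INPUT $m --set"
    # 2) Drop once the address exceeds the allowance inside the window.
    #    --update refreshes the timestamp on each dropped attempt, so a
    #    client that keeps retrying keeps being dropped.
    echo "iptables -A INPUT $m --update --seconds $secs --hitcount $block_at -j DROP"
}

# The figures from the post: 3 attempts, one minute.
ssh_throttle_rules 22 3 60
```

Each connection still allows several password guesses, so sshd's `MaxAuthTries` setting bounds how many guesses fit into one allowed connection.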

Abo

43 posts

Geek
+1 received by user: 8


  Reply # 944931 3-Dec-2013 19:03 2 people support this post

So when are Telecom going to ditch yahoo...


2008 posts

Uber Geek
+1 received by user: 119

Trusted
Subscriber

  Reply # 944951 3-Dec-2013 20:19 2 people support this post

Abo: So when are Telecom going to ditch yahoo...



They won't.
Yahoo will assure (pay Telecom lots of money) them again that it won't happen again and their top engineers are working on fixing the hole.





Ray Taylor
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




7 posts

Wannabe Geek
+1 received by user: 1


  Reply # 944994 3-Dec-2013 21:57 One person supports this post

Is this recent flare-up a product of a fresh hack of the Yahoo servers, or are they using a further batch of cracked passwords for accounts they obtained previously?
To answer this, does anyone know of a Yahoo account that had its password changed after the previous hacks, that has now been compromised again?

499 posts

Ultimate Geek
+1 received by user: 27


  Reply # 945047 3-Dec-2013 23:24

I think this might be a fresh Yahoo attack. I have never had any Xtra affiliation and my two Yahoo accounts had login attempts from a California IP in the early hours of this morning. I don't think my accounts have been accessed or sent any spam, but there's been some sort of attempt that Yahoo has blocked.

6126 posts

Uber Geek
+1 received by user: 213


  Reply # 945052 3-Dec-2013 23:38

1eStar: I think this might be a fresh Yahoo attack. I have never had any Xtra affiliation and my two Yahoo accounts had login attempts from a California IP in the early hours of this morning. I don't think my accounts have been accessed or sent any spam, but there's been some sort of attempt that Yahoo has blocked.


There doesn't seem to be any news about Yahoo accounts being hacked on Google's news. I can only see ones about YahooXtra.

7532 posts

Uber Geek
+1 received by user: 236

Trusted
Subscriber

  Reply # 945067 4-Dec-2013 04:45

jlittle: Is this recent flare-up a product of a fresh hack of the Yahoo servers, or are they using a further batch of cracked passwords for accounts they obtained previously?
To answer this, does anyone know of a Yahoo account that had its password changed after the previous hacks, that has now been compromised again?


Mostly the same problem as before, i.e. XSS (aka cross-site scripting)

http://en.wikipedia.org/wiki/Cross-site_scripting

http://www.computerweekly.com/tip/Cross-site-scripting-explained-How-to-prevent-XSS-attacks

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

2230 posts

Uber Geek
+1 received by user: 549


  Reply # 945076 4-Dec-2013 06:44

I can understand to a degree why they are not saying much to the media, however they should be upfront and honest with their customers. They should be communicating directly with all customers; anything less feels like a middle finger salute.

The only info I have received is here and bits and pieces in the press and that falls way short of good customer relation standards.




KiwiNZ

 Interesting. You're afraid of insects and women. Ladybugs must render you catatonic.

1884 posts

Uber Geek
+1 received by user: 13

Trusted
Subscriber

  Reply # 945096 4-Dec-2013 08:25

Can anyone else actually change their password?


6 posts

Wannabe Geek
+1 received by user: 2


  Reply # 945101 4-Dec-2013 08:39 One person supports this post

The way I did it was to say I forgot my password at the http://xtramail.co.nz site as changing the password the normal way didn't work for me either.

27 posts

Geek


  Reply # 945271 4-Dec-2013 11:49

ps2jak2: The way I did it was to say I forgot my password at the http://xtramail.co.nz site as changing the password the normal way didn't work for me either.


Yeah, the usual way (changing from a known password to a new one) doesn't seem to work. It's as if my password had been reset remotely... however I have not been able to get official confirmation if this is the case or not.

128 posts

Master Geek
+1 received by user: 8


  Reply # 945274 4-Dec-2013 11:55

I just found out my a/c is also compromised.
My email hasn't been sending out spam, as far as I'm aware, yet was hacked into on Dec 1.

So I advise EVERYONE with an Xtra email a/c, even if you don't use it ....
check if someone else had logged onto your email a/c
https://api.login.yahoo.com/login/history

change email password
http://www.telecom.co.nz/changepassword

then go & clean out your webmail. It can no longer be considered secure.
My advice: go into webmail, delete all saved/autosaved contacts, delete all saved sent emails, delete everything in there, clean it out completely.
If you need a copy of all emails in your webmail, download them all into Outlook/Thunderbird & use that as a saved copy.

Why the silence from Telecom? They should be advising EVERYONE to check who has been logging into their email a/c recently.
