Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



Watchmaker Wizard
2378 posts

Uber Geek
+1 received by user: 52

Subscriber

Topic # 138606 10-Jan-2014 11:15 2 people support this post Send private message

I've just started getting another batch of spam from Yahoo NZ addresses from the (thankfully small) number of people I know who actually use their Yahoo email account. Have they had _another_ breach or is it likely to be the same as previous by people who never changed their p/w?





View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
331 posts

Ultimate Geek
+1 received by user: 17


  Reply # 964406 10-Jan-2014 11:30 Send private message

Had 4 so far.
Awesome.






1053 posts

Uber Geek
+1 received by user: 28


  Reply # 964408 10-Jan-2014 11:31 Send private message

Ah, So its not just me then!

I got one today with a URL in it, Subject "greetings."

Called my sister and told her to monitor and not click anything for the time being. And run housecall and check yahoos recent activity. When they recently got back from holiday they had the usual 'your acct may have been affected' speil and changed PWs then

So yes, it does indeed look like it. I was CC'd to 6 other people that look like her web contacts

1053 posts

Uber Geek
+1 received by user: 28


  Reply # 964413 10-Jan-2014 11:39 Send private message

I wonder if this is a payload from the previous malware via ad serve, or ANOTHER one.

There will be an outcry if this is yet another..

Anyone recall the mail address to fwd the entire message to.. or does pl want them :)

6204 posts

Uber Geek
+1 received by user: 216

Trusted

  Reply # 964420 10-Jan-2014 12:03 Send private message

*yawn ... don't they ever learn? or is it a different problem each time?




Apologies for poor typing standards when on Samsung Galaxy S4 LTE/iPad 2 Wifi

2869 posts

Uber Geek
+1 received by user: 131

Trusted
Subscriber

  Reply # 964427 10-Jan-2014 12:13 Send private message

What pisses me off the most is people who stick with them. Just got an email from a family friend who uses Xtra. I told them more than 1 month ago when I was staying at their place and helped them change passwords exactly when this happened to switch to a decent provider and they said no. The worst part is the guy used to be a partner at PwC and of all people I would have expected to look at the facts and make the right decision.





10177 posts

Uber Geek
+1 received by user: 272

Trusted
Subscriber

  Reply # 964435 10-Jan-2014 12:25 Send private message

Perhaps people need to just start blocking anything xtra from entering their mail servers for a few weeks?




Richard rich.ms

39 posts

Geek
+1 received by user: 17


  Reply # 964437 10-Jan-2014 12:26 Send private message

I've had half a dozen this morning. While the headers are forged to appear that they come from valid Xtra addresses, the actual sending servers are all over the world. I'd say it's those stolen address books from all the previously hacked Xtra accounts coming into play.

6127 posts

Uber Geek
+1 received by user: 213


  Reply # 964449 10-Jan-2014 12:43 Send private message

Yeap got 5 today too. Also telecoms LPs have been blacklisted by RBLs so also getting clients contacting me to say their email they are sending is bouncing with messages to say that they are listed in RBLs. The joys of ISP emails. All I can do is tell them to contact telecom, or not use ISP email.

1053 posts

Uber Geek
+1 received by user: 28


  Reply # 964475 10-Jan-2014 13:04 Send private message

Good point. I didn't check to see if the header was legitimately from my sister.

I've forwarded an example off for analysis all the same. But if the servers themselves are being blacklisted, thats got to be a indication of the server being used for the sending.. Or will it also blacklist based on sender displayed domain without interrogating further.

6127 posts

Uber Geek
+1 received by user: 213


  Reply # 964476 10-Jan-2014 13:05 Send private message

richms: Perhaps people need to just start blocking anything xtra from entering their mail servers for a few weeks?


That is what the real time backlist are already doing, as telecoms IPs are already listed now, which I presume is due to this. I note that telecom don't have this problem listed on their websites status page, although they do have a big banner on their homepage with a warning for yahoo extra telecom users to change their passwords. Now I know why their tech in a minute TV advert demoed an email setup usng Gmail, rather than yahoo, who is their own provider.

1053 posts

Uber Geek
+1 received by user: 28


  Reply # 964481 10-Jan-2014 13:12 Send private message

Received: from mycomputer (91.227.216.165) by smtpout08.bt.lon5.cpcloud.co.uk
(8.6.100.99.10223) (authenticated as [email protected]) id

Return-Path: [email protected]

Sure enough return and CC all legit persons known to sister. Added a few angle brackets but the codes been stripped :) so those URLs/addresses are false of course

1645 posts

Uber Geek
+1 received by user: 276

Trusted
Telecom NZ

  Reply # 964484 10-Jan-2014 13:15 Send private message

Yahoo are aware of this. I'm on holiday but have seen an internal alert about it. Please do try and log cases so the true impact will be known. As many these days are just deleting the emails.




I work for Telecom Spark, but as always my views are my own.

1053 posts

Uber Geek
+1 received by user: 28


  Reply # 964488 10-Jan-2014 13:17 Send private message

Ah, got a different address to fwd to? I flicked you it directly :)

1645 posts

Uber Geek
+1 received by user: 276

Trusted
Telecom NZ

  Reply # 964501 10-Jan-2014 13:36 Send private message

[email protected] is where spam should go including full headers




I work for Telecom Spark, but as always my views are my own.

BDFL
48013 posts

Uber Geek
+1 received by user: 3568

Administrator
Trusted
Geekzone
Subscriber

  Reply # 964503 10-Jan-2014 13:39 Send private message

mattwnz: Now I know why their tech in a minute TV advert demoed an email setup usng Gmail, rather than yahoo, who is their own provider.


Which was "strange" using an Android. You already have your Google account linked when you first setup the device. They should really have shown how to create an Exchange or POP/IMAP account in that video.






 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
View this topic in a long page with up to 500 replies per page Create new topic








Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Telecom introduces unlimited broadband data plan
Created by freitasm, last reply by kiwirock on 25-Apr-2014 16:36 (115 replies)
Pages... 6 7 8


Stonedine
Created by Lizard1977, last reply by mattwnz on 24-Apr-2014 15:45 (67 replies)
Pages... 3 4 5


Windows 8 System Mechanics
Created by eme, last reply by eme on 24-Apr-2014 21:10 (20 replies)
Pages... 2


Using my Mac to ring family in the UK
Created by Geektastic, last reply by nakedmolerat on 24-Apr-2014 11:28 (19 replies)
Pages... 2


Telecom has started metering their TiVo customers' broadband usage (WITHOUT PRENOTIFICATION)
Created by Peteriv, last reply by mattwnz on 24-Apr-2014 15:11 (74 replies)
Pages... 3 4 5


Parallel imported product
Created by Wills1, last reply by joker97 on 23-Apr-2014 21:01 (53 replies)
Pages... 2 3 4


Forms of government for New Zealand
Created by charsleysa, last reply by gzt on 25-Apr-2014 14:22 (181 replies)
Pages... 11 12 13


MH370 - Call for Search & Rescue Help
Created by DS248, last reply by Technofreak on 25-Apr-2014 12:43 (751 replies)
Pages... 49 50 51



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.