Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
1381 posts

Uber Geek

Subscriber

  # 944518 3-Dec-2013 08:44
Send private message

Spong:
kawaii: What I'd love to know is who was the bright spark that made the decision to go with Yahoo - the same person who thought that all the 'hip young things' would like Bebo phone? honestly, do they really need to have a 'anyone over 40 needs to resign' purge at Telecom? How on God's green earth did it make any sense to go with Yahoo when Google or Microsoft have a better reputation? why didn't they do something about cancelling the arrangement after the first fiasco? how many times must Yahoo keep failing and the executive who made the decision keep holding onto his job before the board finally realises this fiasco is taking a toll on the Telecom brand?


This all seems a bit deja vu as per this article from April this year: http://www.nbr.co.nz/article/telecom-completes-review-sticks-yahooxtra-ck-138192

Surely the time's right now to drop Yahoo??


They were sending emails or looking for permission to send the mail servers to Thailand earlier this year .... our mail is drifting further afield.






nunz

15103 posts

Uber Geek


  # 944523 3-Dec-2013 08:50
Send private message

What a mess for them. My one has also been sending spam and been disabled. I'm just going to leave it, as I only use the email address for signing up to e newsletter anyway. Had a huge amount of spam from xtra email addresses today, so looks like it has hit again overnight.

 
 
 
 


51 posts

Master Geek


  # 944524 3-Dec-2013 08:53
Send private message

Xtra have been telling some customers that the problem is solved. As I've received another little bunch of "hey" spam emails from Xtra accounts this morning, that may not be entirely true.

We all know about the big Yahoo/Xtra hack that happened in February, but Eric Basu at Forbes documents another large Yahoo hack in July of this year. This story suggests that apart from the obvious goal of providing links to the original spam sites, this hack also provides the bad guys with a means of grabbing (and validating) new email addresses to target outside of the Yahoo domain.

Basu says that for targeted Yahoo users, just changing your password isn't enough. He suggests changing your password reset questions/answers, going to “Manage Apps and Website Connections” and killing off all the third party apps that you’ve given permission to access your account over the years, and checking that your ‘backup email’ account hasn’t been modified.  "It might be set to a new one that looks almost like yours, but one character off."

1381 posts

Uber Geek

Subscriber

  # 944529 3-Dec-2013 09:07
Send private message

Can confirm there is a new attack on. Started for us at 1am this morning, originating out of Georgia / Russia. We contacted the ISP and they 'might' do something.







nunz

47 posts

Geek


  # 944633 3-Dec-2013 11:39
One person supports this post
Send private message



I got a wave of these emails to our business today from a range of our clients compromised accounts so its pretty wide spread.   Seems like xtra has been  hacked in a big way again. 

Funny how the Official spin looks at the start  http://www.stuff.co.nz/national/9463386/Xtra-accounts-locked-after-spam-attack  always playing it down.  "spam issues"  LOL  Thanks we know about the "symptom"

4338 posts

Uber Geek


  # 944636 3-Dec-2013 11:48
Send private message

Can someone please tell me -- is it me who has been hacked , and they download my contact list and use that to send me spam seemingly from my contacts --- or, is it my friends who have been hacked and I am being sent spam because I am in my friends contact list?


51 posts

Master Geek


  # 944637 3-Dec-2013 11:52
Send private message

surfisup1000: Can someone please tell me -- is it me who has been hacked , and they download my contact list and use that to send me spam seemingly from my contacts --- or, is it my friends who have been hacked and I am being sent spam because I am in my friends contact list?

Probably both if you're all Xtra clients.

 
 
 
 


47 posts

Geek


  # 944658 3-Dec-2013 12:23
Send private message

surfisup1000

If the email address is  anything@xtra.co.nz and is coming to you, that is not your friend hacked its the whole xtra network by the looks and if your address is @xtra.co.nz   then your address list could have been mailed with spam also. 

29k

6 posts

Wannabe Geek


  # 944668 3-Dec-2013 12:37
Send private message

I've recieved spam this morning from family, so new attack then?

 

 

 

How does one view where people have been logging in from? I remember a link for that during one of the previous attacks.

463 posts

Ultimate Geek


  # 944691 3-Dec-2013 13:05
Send private message

29k: I've recieved spam this morning from family, so new attack then?   How does one view where people have been logging in from? I remember a link for that during one of the previous attacks.


https://api.login.yahoo.com/login/history

46 posts

Geek


  # 944720 3-Dec-2013 13:43
Send private message

Using the login history on a compromised account I can see it was accessed from California USA at around 7.23am NZ time.

5 posts

Wannabe Geek


  # 944740 3-Dec-2013 14:04
Send private message

well my friends xtra.co account got hacked on sunday from the Ukraine while i was with him, i managed to change his password, 2 years ago his account was wiped, emails, contacts everything. we called xtra yahoo/telecom but telecom claims they have nothing to do with it as they outsourced and yahoo couldn't do anything as it was synced off the server.

its very poor that telecom doesn't provide users with a safer account service or a secure server for backups, i know people will say use another service, but alot of business users or older people use the email provided expecting service with what they pay for, i tried telling them to use gmail or a service not from the 90s.

today my yahoo.com account was hacked from usa, over 100 mailer failure spammed my phone.i managed to change my accounts related to it and close it.

i was at the citizen advice bureau today as i needed to see the justice of piece and they all got hacked.

my yahoo.com.au account got hacked at the start or the year but the hacker sent me an email of my yahoo id and password, so i obviously changed it.
no matter how hard i try the hacking occurs from yahoos side, every account i had with yahoo has been hacked.

8033 posts

Uber Geek

Trusted

  # 944747 3-Dec-2013 14:20
Send private message

Yahoo appears to be riddled with XSS vulnerabilities which allow this to happen again and again.

15103 posts

Uber Geek


  # 944786 3-Dec-2013 15:10
Send private message

Telecom Appear to be distancing themselves from the problem by saying it is a yahoo problem, and that some of their customers using xtra email addresses maybe affected. That doesn't really sound like they are owning the problem, nor have they actually said what the problem is. They have subbed out to another company for email so they have to take ownership that it is also their problem, and to fully explain it. When I try to log into my xtra account, it now says that their system has noticed some suspicious activity on my account, and I have been locked out and I need to change the password. It then says that you should regularly update your password and to keep it safe, which implies that it is a customer problem. But I have never had problems with other email providers and my account being hacked before, and I doubt the compromise is at my end. I don't think you should need to change your password regularly either, if it is a strong one with upper and lower case characters and numbers.

The xtra logs show that mine way hacked from the USA
5:15 AM    Browser     Logged in to Mail     NC, US

51 posts

Master Geek


  # 944811 3-Dec-2013 15:28
Send private message

mattwnz: I don't think you should need to change your password regularly either, if it is a strong one with upper and lower case characters and numbers.

I agree that Yahoo shouldn't be allowing these hacks to continue and that Xtra need to step up to the plate and ideally sever ties with them. But no matter how strong your password may be, if the bad guys have a copy then you're buggered and changing your password is essential and urgent.

1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Streaming service Acorn TV launches in New Zealand with selection with British shows
Posted 18-Sep-2019 08:55


Bitcoin.com announces partnership with smartphone manufacturer HTC
Posted 16-Sep-2019 21:30


Finalists Announced for Microsoft NZ Partner Awards
Posted 16-Sep-2019 19:37


OPPO Showcases New CameraX Capabilities at Google Developer Days China 2019
Posted 15-Sep-2019 12:42


New Zealand PC Market returns to growth
Posted 15-Sep-2019 12:24


Home sensor charity director speaks about the preventable death which drives her to push for healthy homes
Posted 11-Sep-2019 08:46


Te ao Maori Minecraft world set to inspire Kiwi students
Posted 11-Sep-2019 08:43


Research reveals The Power of Games in New Zealand
Posted 11-Sep-2019 08:40


Ring Door View Cam now available in New Zealand
Posted 11-Sep-2019 08:38


Vodafone NZ to create X Squad
Posted 10-Sep-2019 10:25


Huawei nova 5T to be available 20th September
Posted 5-Sep-2019 11:55


Kogan.com launches prepay challenger brand Kogan Mobile in New Zealand
Posted 3-Sep-2019 11:42


Pagan Online available now
Posted 27-Aug-2019 20:22


Starship hopes new app will help combat antibiotic resistance challenges
Posted 27-Aug-2019 19:43


Intel expands 10th Gen Intel Core Mobile processor family
Posted 23-Aug-2019 10:22



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.