15016 posts

Uber Geek


  # 944819 3-Dec-2013 15:37

DigiDog:
mattwnz: I don't think you should need to change your password regularly either, if it is a strong one with upper and lower case characters and numbers.

I agree that Yahoo shouldn't be allowing these hacks to continue and that Xtra need to step up to the plate and ideally sever ties with them. But no matter how strong your password may be, if the bad guys have a copy then you're buggered and changing your password is essential and urgent.


I think they need to tell people not to use the password for anything else, as if they are getting access to your password via Yahoo's system, they could access everything else that uses that password too. My old password is also used for my Telecom broadband connection/MyTelecom, as it was my primary Xtra email account, but I haven't changed that (yet). They haven't told customers (yet) if they need to change that too, as I suspect many people will use the same passwords in order to remember them.
My password was pretty difficult anyway, so I wonder if changing it to something even harder is going to make any difference. I wasn't affected by the last hack earlier in the year, only this one.

469 posts

Ultimate Geek


  # 944822 3-Dec-2013 15:46

It'd be interesting to see whether the malicious logins are infected computers/botnet, masking the identities of the real hackers. My money would suspect so.

 
 
 
 


15016 posts

Uber Geek


  # 944823 3-Dec-2013 15:49

k1wi: It'd be interesting to see whether the malicious logins are infected computers/botnet, masking the identities of the real hackers. My money would suspect so.


The problem is the lack of information. People can only speculate. The Telecom website says very little.

1375 posts

Uber Geek

Subscriber

  # 944842 3-Dec-2013 16:22

mattwnz:
DigiDog:
mattwnz: I don't think you should need to change your password regularly either, if it is a strong one with upper and lower case characters and numbers.

I agree that Yahoo shouldn't be allowing these hacks to continue and that Xtra need to step up to the plate and ideally sever ties with them. But no matter how strong your password may be, if the bad guys have a copy then you're buggered and changing your password is essential and urgent.


I think they need to tell people not to use the password for anything else, as if they are getting access to your password via Yahoo's system, they could access everything else that uses that password too. My old password is also used for my Telecom broadband connection/MyTelecom, as it was my primary Xtra email account, but I haven't changed that (yet). They haven't told customers (yet) if they need to change that too, as I suspect many people will use the same passwords in order to remember them.
My password was pretty difficult anyway, so I wonder if changing it to something even harder is going to make any difference. I wasn't affected by the last hack earlier in the year, only this one.

It depends on how the hack is done. If the hackers have managed to compromise Yahoo backend systems and if they have been able to get hold of the hash of your password, then it doesn't really matter how big or long it is, as they have got a copy of it and can use it with a different type of attack.
I have just been through the process of changing almost all of my passwords so that every password for every site and every login and every customer is different. Like most people I do not have an absolutely fantastic brain for remembering the 200, 300 passwords I need, so I'm using keepsafe, an open source product that works off a pen drive and uses two systems of authentication. I now have a key on a pen drive and I now have a password, and together they allow my password file to be opened and used. My password has now gone beyond the 12 character range and uses uppercase, lowercase, symbols, blah blah blah blah blah.
On a Linux system you can implement iptables rules that say if you have had 3 failed attempts at a password then you are locked out for a minute. This means that dictionary attacks and similar will fail because it takes way too long at 3 attempts per minute. We also ban SSH and similar connections except from very specific locations. We have explicitly excluded logins from lots of dodgy places. My apologies to Georgia, Ukraine, Armenia, Greece, Afghanistan, Nedlands etc. etc., but we have banned you from logging into a service. The only alternative to that is VPN or very specific exemptions for very specific customers.




nunz
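A sketch of the kind of iptables setup the post above describes, as an added example that is not the poster's own configuration. It assumes the `recent` match, which counts new TCP connections per source address rather than failed passwords as such; the chain names and the allow-listed networks are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): allow-listed, rate-limited SSH via iptables.
# Set IPT="echo iptables" for a dry run that prints the rules instead of applying them.
IPT="${IPT:-iptables}"
SSH_PORT=22
WINDOW=60      # seconds a source address is tracked
MAX_NEW=3      # new connections allowed per source within WINDOW
# Constructed allow-list using documentation ranges (RFC 5737); substitute real networks.
ALLOWED_NETS="203.0.113.0/24 198.51.100.0/24"

ssh_guard_rules() {
    # Hypothetical chain names: SSH_GUARD decides who may connect, SSH_RATE how often.
    $IPT -N SSH_RATE
    $IPT -N SSH_GUARD

    # Record the source address, then drop it once it exceeds MAX_NEW in WINDOW.
    # --update refreshes the timestamp, so a client that keeps hammering stays blocked.
    $IPT -A SSH_RATE -m recent --name ssh --set
    $IPT -A SSH_RATE -m recent --name ssh --update \
        --seconds "$WINDOW" --hitcount "$((MAX_NEW + 1))" -j DROP
    $IPT -A SSH_RATE -j ACCEPT

    # Only allow-listed networks reach the rate limiter; everything else is dropped.
    for net in $ALLOWED_NETS; do
        $IPT -A SSH_GUARD -s "$net" -j SSH_RATE
    done
    $IPT -A SSH_GUARD -j DROP

    # Send only NEW connections to the guard, so established sessions are not counted.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j SSH_GUARD
}

# Default is a dry run; pass "apply" (as root) to install the rules.
case "${1:-dry-run}" in
    apply) ssh_guard_rules ;;
    *)     IPT="echo iptables"; ssh_guard_rules ;;
esac
```

Because several password guesses can be made inside one SSH connection, the effective guess rate also depends on the `MaxAuthTries` setting in `sshd_config`.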

Abo

76 posts

Master Geek


  # 944931 3-Dec-2013 19:03
2 people support this post

So when are Telecom going to ditch yahoo...


3383 posts

Uber Geek

Trusted

  # 944951 3-Dec-2013 20:19
2 people support this post

Abo: So when are Telecom going to ditch yahoo...



They won't.
Yahoo will assure (pay Telecom lots of money) them again that it won't happen again and their top engineers are working on fixing the hole.





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost




83 posts

Master Geek

Subscriber

  # 944994 3-Dec-2013 21:57
One person supports this post

Is this recent flare-up a product of a fresh hack of the Yahoo servers, or are they using a further batch of cracked passwords for accounts they obtained previously?
To answer this, does anyone know of a Yahoo account that had its password changed after the previous hacks, that has now been compromised again?

 
 
 
 


1523 posts

Uber Geek


  # 945047 3-Dec-2013 23:24

I think this might be a fresh Yahoo attack. I have never had any Xtra affiliation and my two Yahoo accounts had login attempts from a California IP in the early hours of this morning. I don't think my accounts have been accessed or sent any spam, but there's been some sort of attempt that Yahoo has blocked.

15016 posts

Uber Geek


  # 945052 3-Dec-2013 23:38

1eStar: I think this might be a fresh Yahoo attack. I have never had any Xtra affiliation and my two Yahoo accounts had login attempts from a California IP in the early hours of this morning. I don't think my accounts have been accessed or sent any spam, but there's been some sort of attempt that Yahoo has blocked.


There doesn't seem to be any news about Yahoo accounts being hacked on Google's news. I can only see ones about YahooXtra.

8033 posts

Uber Geek

Trusted

  # 945067 4-Dec-2013 04:45

jlittle: Is this recent flare-up a product of a fresh hack of the Yahoo servers, or are they using a further batch of cracked passwords for accounts they obtained previously?
To answer this, does anyone know of a Yahoo account that had its password changed after the previous hacks, that has now been compromised again?


Mostly the same problem as before, i.e. XSS (aka cross-site scripting)

http://en.wikipedia.org/wiki/Cross-site_scripting

http://www.computerweekly.com/tip/Cross-site-scripting-explained-How-to-prevent-XSS-attacks

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

14031 posts

Uber Geek

Trusted
Subscriber

  # 945076 4-Dec-2013 06:44

I can understand to a degree why they are not saying much to the media, however they should be upfront and honest with their customers. They should be communicating directly with all customers; anything less feels like a middle finger salute.

The only info I have received is here and bits and pieces in the press and that falls way short of good customer relation standards.




Mike
Retired IT Manager. 
The views stated in my posts are my personal views and not that of any other organisation.

 

Using empathy takes no energy and can gain so much. Try it.

 

 


1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 945096 4-Dec-2013 08:25

Can anyone else actually change their password?


46 posts

Geek


  # 945101 4-Dec-2013 08:39
One person supports this post

The way I did it was to say I forgot my password at the http://xtramail.co.nz site as changing the password the normal way didn't work for me either.

54 posts

Master Geek


  # 945271 4-Dec-2013 11:49

ps2jak2: The way I did it was to say I forgot my password at the http://xtramail.co.nz site as changing the password the normal way didn't work for me either.


Yeah, the usual way (changing from a known password to a new one) doesn't seem to work. It's as if my password had been reset remotely... however I have not been able to get official confirmation if this is the case or not.

1823 posts

Uber Geek


  # 945274 4-Dec-2013 11:55

I just found out my a/c is also compromised.
My email hasn't been sending out spam, as far as I'm aware, yet was hacked into on Dec 1.

So I advise EVERYONE with an Xtra email a/c, even if you don't use it ....
check if someone else had logged onto your email a/c
https://api.login.yahoo.com/login/history

 

change email password
http://www.telecom.co.nz/changepassword

then go & clean out your webmail. It can no longer be considered secure.
My advice: go into webmail, delete all saved/autosaved contacts, delete all saved sent emails, delete everything in there, clean it out completely.
If you need a copy of all emails in your webmail, download them all into Outlook/Thunderbird & use that as a saved copy.

 

 

Why the silence from Telecom? They should be advising EVERYONE to check who has been logging into their email a/c recently.
