Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
347 posts

Ultimate Geek
+1 received by user: 26


  Reply # 759329 11-Feb-2013 09:41
Send private message

I havn't used my xtra account for ages but it picked up old addresses I did post in the past.  Have change password.

Header was as follows:

Sat, 9 Feb 2013 23:52:11 +1300 (NZDT)
Received: from nm1.tnz.bullet.mail.aue.yahoo.com (nm1.tnz.bullet.mail.aue.yahoo.com [124.108.96.28])

Received: from [124.108.96.26] by nm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:11 -0000
Received: from [124.108.96.25] by tm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
Received: from [127.0.0.1] by omp1002.tnz.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 779396.10328.bm@omp1002.tnz.mail.aue.yahoo.com
Received: (qmail 21619 invoked by uid 1000); 9 Feb 2013 10:52:10 -0000
Received: from 124.108.96.106 by rel106.mail.aue.yahoo.com with SMTP; Sat, 09 Feb 2013 02:52:10 -0800
Received: (qmail 73535 invoked by uid 60001); 9 Feb 2013 10:52:10 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1360407130; X-YMail-OSG: Y.O6tmwVM1nDkxPPIX_L3lKe9wmc0wWudidGAMNf4FhEXUn
vgJ1lvMGp9EnOEGbHgPyd
Received: from [110.77.148.14] by web96108.mail.aue.yahoo.com via HTTP; Sat, 09 Feb 2013 23:52:10 NZDT
X-Mailer: YahooMailWebService/0.8.132.503
Message-ID: <1360407130.61417.YahooMailNeo@web96108.mail.aue.yahoo.com>

668 posts

Ultimate Geek
+1 received by user: 95

Trusted

  Reply # 759331 11-Feb-2013 09:48
Send private message

So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.

 
 
 
 


14483 posts

Uber Geek
+1 received by user: 3596

Trusted
Subscriber

  Reply # 759332 11-Feb-2013 09:49
Send private message

Peppery: So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.


Our phones are red! I think we are at about 30 calls.

534 posts

Ultimate Geek
+1 received by user: 30

Trusted

  Reply # 759335 11-Feb-2013 10:14
Send private message

quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone your not and as a result obtaining user information passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here ?

Or did I miss something ?




 

Connecting to UFB? Go with Bigpipe and use this link for free credit!


14483 posts

Uber Geek
+1 received by user: 3596

Trusted
Subscriber

  Reply # 759345 11-Feb-2013 10:38
Send private message

Shock:
quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone your not and as a result obtaining user information passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here ?

Or did I miss something ?


Yes. I don't believe it's a phishing issue at all, once passwords are compromised it's not that any longer. Also each account is sending to all it's address book entries etc as well, which also couldn't happen via phishing. Xtra need to own up here. The problem is they will completely over-react and retighten all their security, won't tell anyone what they did, and those of us who support customers using xtra will have to guess what they did so that things work again!

At least that's what's happening in the past.

Awesome
4766 posts

Uber Geek
+1 received by user: 1048

Trusted
Subscriber

  Reply # 759353 11-Feb-2013 10:47
Send private message

Yeah people are reporting their accounts have been compromised, but have never even used the Xtra email service they have...

Something (about the official line) doesn't smell right




Twitter: ajobbins


534 posts

Ultimate Geek
+1 received by user: 30

Trusted

  Reply # 759357 11-Feb-2013 10:51
Send private message

Just to not come off as a complete pain to people I know, maybe what I should be saying is that what is being described here is not lining up with what is being reported. Rather than 'spin' which has the negative connotations.

If it is an evolving issue then that's fine but the direction to the non technical folk is worrying as they will think it is something that it is not.

My great concern is that should your account have been compromised then all that personal information stored in the system online is now available even though you thought you were safe.




 

Connecting to UFB? Go with Bigpipe and use this link for free credit!


14483 posts

Uber Geek
+1 received by user: 3596

Trusted
Subscriber

  Reply # 759364 11-Feb-2013 10:51
Send private message

and Another this time from Yahoo!

BDFL - Memuneh
58742 posts

Uber Geek
+1 received by user: 10138

Administrator
Trusted
Geekzone
Subscriber

  Reply # 759365 11-Feb-2013 10:52
Send private message

Yes, you will get the odd one from @yahoo.co.nz but probably not as many as @xtra.co.nz, probably because of the size of the user base.




2915 posts

Uber Geek
+1 received by user: 414

Trusted
Subscriber

  Reply # 759368 11-Feb-2013 10:53
Send private message

plambrechtsen: If anyone is getting any more recent spam messages (i'm looking at you JohnR Smile) not necessarily the bounce back messages which may just be a hangover from mail systems re-trying.

I would be very interested to get copies of the emails and they MUST include the full headers of the emails.

If you're not sure what I am talking about Full Headers then that's ok others have forwarded the spam emails to our team mailbox, but if you do know what I am talking about then please include the full headers from the email and send us an email ort @ telecom.co.nz 

It's still being actively investigated, and it seems from the threads I have seen that some mail servers are still affected.


Received one this morning and forwarded it to you guys.

2739 posts

Uber Geek
+1 received by user: 1407

Subscriber

  Reply # 759395 11-Feb-2013 11:50
Send private message

It would appear that its a compromise at the Yahoo end, given its affecting people like me who were never xtra customers, and the spam is being sent from @xgtra, @yahoo.co.nz and @yahoo.com.au addresses, and its bein targeted at peoples contact lists.





Information wants to be free. The Net interprets censorship as damage and routes around it.

 

Thinking about signing up to BigPipe? Get $20 credit with my referral link.




1203 posts

Uber Geek
+1 received by user: 132


  Reply # 759399 11-Feb-2013 11:58
Send private message

networkn:  Also each account is sending to all it's address book entries etc as well, which also couldn't happen via phishing.


While I'm not convinced that this is only the XSS phishing attack in play at all, it's not entirely correct to say that a phisher can't get your address book entries.  

I believe that the webmail by Yahoo/Xtra collects address book entries automatically, but in any case, the Yahoo XSS phishing hack from last month allows the attacker access to your webmail (by stealing your cookies) including the addressbook therein.

So yes, if this were the XSS phishing attack in use, they can (and would) send to your address book.





---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


668 posts

Ultimate Geek
+1 received by user: 95

Trusted

  Reply # 759400 11-Feb-2013 12:01
Send private message

Definitely a Yahoo issue rather than anything specific to Telecom, I've gotten them from @yahoo.com, @yahoo.co.nz and @xtra.co.nz. Just wondering how these are all happening as my boss is rather tech savvy with these sorts of things. (also sent through a couple of the xtra.co.nz ones that came this morning)

1066 posts

Uber Geek
+1 received by user: 99

Trusted

  Reply # 759401 11-Feb-2013 12:03
Send private message

It's pretty poor that Telecom haven't posted anything about this on their Facebook news feed. I see that people who have written on their timeline asking for information have received some pretty defensive replies along the lines of "this has been discussed already" and referring them to a post some third party made about it that would never have appeared on their news feeds. This is not really what I would expect from Telecom.

378 posts

Ultimate Geek
+1 received by user: 76

Subscriber

  Reply # 759403 11-Feb-2013 12:09
Send private message

Does anyone know where these links lead?  Are they phishing for passwords or is there a payload that is downloaded etc.?

I have a few customers who have clicked the link.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Symantec protects data everywhere with Information Centric Security
Posted 21-Sep-2017 15:33


FUJIFILM introduces X-E3 mirrorless camera with wireless connectivity
Posted 18-Sep-2017 13:53


Vodafone announces new plans with bigger data bundles
Posted 15-Sep-2017 10:51


Skinny launches phone with support for te reo Maori
Posted 14-Sep-2017 08:39


If Vodafone dropping mail worries you, you’re doing online wrong
Posted 11-Sep-2017 13:54


Vodafone New Zealand deploy live 400 gigabit system
Posted 11-Sep-2017 11:07


OPPO camera phones now available at PB Tech
Posted 11-Sep-2017 09:56


Norton Wi-Fi Privacy — Easy, flawed VPN
Posted 11-Sep-2017 09:48


Lenovo reveals new ThinkPad A Series
Posted 8-Sep-2017 14:37


Huawei passes Apple for the first time to capture the second spot globally
Posted 8-Sep-2017 10:45


Vodafone initiative enhances te reo Maori pronunciation on Google Maps
Posted 8-Sep-2017 10:40


Voyager Internet expand local internet phone services company with Conversant acquisition
Posted 6-Sep-2017 18:27


NOW Expands in to Tauranga
Posted 5-Sep-2017 18:16


Windows 10 Fall Creators Update coming Oct. 17
Posted 4-Sep-2017 14:10


Garmin introduce Garmin vivoactive 3
Posted 1-Sep-2017 18:38



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.