Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Widespread Email Compromise at Yahoo/Xtra
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | ... | 13
andynz
360 posts

Ultimate Geek
Inactive user


  #759329 11-Feb-2013 09:41
Send private message

I havn't used my xtra account for ages but it picked up old addresses I did post in the past.  Have change password.

Header was as follows:

Sat, 9 Feb 2013 23:52:11 +1300 (NZDT)
Received: from nm1.tnz.bullet.mail.aue.yahoo.com (nm1.tnz.bullet.mail.aue.yahoo.com [124.108.96.28])

Received: from [124.108.96.26] by nm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:11 -0000
Received: from [124.108.96.25] by tm1.tnz.bullet.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
Received: from [127.0.0.1] by omp1002.tnz.mail.aue.yahoo.com with NNFMP; 09 Feb 2013 10:52:10 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 779396.10328.bm@omp1002.tnz.mail.aue.yahoo.com
Received: (qmail 21619 invoked by uid 1000); 9 Feb 2013 10:52:10 -0000
Received: from 124.108.96.106 by rel106.mail.aue.yahoo.com with SMTP; Sat, 09 Feb 2013 02:52:10 -0800
Received: (qmail 73535 invoked by uid 60001); 9 Feb 2013 10:52:10 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1360407130; X-YMail-OSG: Y.O6tmwVM1nDkxPPIX_L3lKe9wmc0wWudidGAMNf4FhEXUn
vgJ1lvMGp9EnOEGbHgPyd
Received: from [110.77.148.14] by web96108.mail.aue.yahoo.com via HTTP; Sat, 09 Feb 2013 23:52:10 NZDT
X-Mailer: YahooMailWebService/0.8.132.503
Message-ID: <1360407130.61417.YahooMailNeo@web96108.mail.aue.yahoo.com>

 
 
 
 

Get easy to use, easy to install Norton antivirus protection against advanced online threats (affiliate link).
Peppery
910 posts

Ultimate Geek

Trusted

  #759331 11-Feb-2013 09:48
Send private message

So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.

networkn
Networkn
30228 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #759332 11-Feb-2013 09:49
Send private message

Peppery: So far this morning from my clients: 2 phone calls, 3 emails asking if they should be concerned.


Our phones are red! I think we are at about 30 calls.



Shock
534 posts

Ultimate Geek

Trusted

  #759335 11-Feb-2013 10:14
Send private message

quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone your not and as a result obtaining user information passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here ?

Or did I miss something ?




 

Connecting to UFB? Go with Bigpipe and use this link for free credit!

networkn
Networkn
30228 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #759345 11-Feb-2013 10:38
Send private message

Shock:
quickymart: http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10864612


Can someone clarify for me my understanding of this:

Telecom - which uses Yahoo for its email service - said it was "a suspected phishing issue"


My understanding is that phishing is pretending to be someone your not and as a result obtaining user information passwords etc. This was the intended results of the email spam.

However here we have people who have had their accounts hacked as they have not clicked links, given out passwords etc and there is some considerable PR spin going on here ?

Or did I miss something ?


Yes. I don't believe it's a phishing issue at all, once passwords are compromised it's not that any longer. Also each account is sending to all it's address book entries etc as well, which also couldn't happen via phishing. Xtra need to own up here. The problem is they will completely over-react and retighten all their security, won't tell anyone what they did, and those of us who support customers using xtra will have to guess what they did so that things work again!

At least that's what's happening in the past.

ajobbins
5050 posts

Uber Geek

Trusted

  #759353 11-Feb-2013 10:47
Send private message

Yeah people are reporting their accounts have been compromised, but have never even used the Xtra email service they have...

Something (about the official line) doesn't smell right




Twitter: ajobbins

Shock
534 posts

Ultimate Geek

Trusted

  #759357 11-Feb-2013 10:51
Send private message

Just to not come off as a complete pain to people I know, maybe what I should be saying is that what is being described here is not lining up with what is being reported. Rather than 'spin' which has the negative connotations.

If it is an evolving issue then that's fine but the direction to the non technical folk is worrying as they will think it is something that it is not.

My great concern is that should your account have been compromised then all that personal information stored in the system online is now available even though you thought you were safe.




 

Connecting to UFB? Go with Bigpipe and use this link for free credit!



networkn
Networkn
30228 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #759364 11-Feb-2013 10:51
Send private message

and Another this time from Yahoo!

freitasm
BDFL - Memuneh
76406 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #759365 11-Feb-2013 10:52
Send private message

Yes, you will get the odd one from @yahoo.co.nz but probably not as many as @xtra.co.nz, probably because of the size of the user base.




Please support Geekzone by subscribing, or using one of our referral links: Dosh referral: 00001283 | Sharesies | Goodsync | Mighty Ape | Backblaze

 

freitasm on Keybase | My technology disclosure

 

 

 

 

 

 

Kyanar
3877 posts

Uber Geek

Trusted
Subscriber

  #759368 11-Feb-2013 10:53
Send private message

plambrechtsen: If anyone is getting any more recent spam messages (i'm looking at you JohnR Smile) not necessarily the bounce back messages which may just be a hangover from mail systems re-trying.

I would be very interested to get copies of the emails and they MUST include the full headers of the emails.

If you're not sure what I am talking about Full Headers then that's ok others have forwarded the spam emails to our team mailbox, but if you do know what I am talking about then please include the full headers from the email and send us an email ort @ telecom.co.nz 

It's still being actively investigated, and it seems from the threads I have seen that some mail servers are still affected.


Received one this morning and forwarded it to you guys.

Lias
5247 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #759395 11-Feb-2013 11:50
Send private message

It would appear that its a compromise at the Yahoo end, given its affecting people like me who were never xtra customers, and the spam is being sent from @xgtra, @yahoo.co.nz and @yahoo.com.au addresses, and its bein targeted at peoples contact lists.





I'm a geek, a gamer, a dad and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it.

sleemanj

1474 posts

Uber Geek


  #759399 11-Feb-2013 11:58
Send private message

networkn:  Also each account is sending to all it's address book entries etc as well, which also couldn't happen via phishing.


While I'm not convinced that this is only the XSS phishing attack in play at all, it's not entirely correct to say that a phisher can't get your address book entries.  

I believe that the webmail by Yahoo/Xtra collects address book entries automatically, but in any case, the Yahoo XSS phishing hack from last month allows the attacker access to your webmail (by stealing your cookies) including the addressbook therein.

So yes, if this were the XSS phishing attack in use, they can (and would) send to your address book.




---
James Sleeman
I sell lots of stuff for electronic enthusiasts...

Peppery
910 posts

Ultimate Geek

Trusted

  #759400 11-Feb-2013 12:01
Send private message

Definitely a Yahoo issue rather than anything specific to Telecom, I've gotten them from @yahoo.com, @yahoo.co.nz and @xtra.co.nz. Just wondering how these are all happening as my boss is rather tech savvy with these sorts of things. (also sent through a couple of the xtra.co.nz ones that came this morning)

steve98
1381 posts

Uber Geek

Trusted

  #759401 11-Feb-2013 12:03
Send private message

It's pretty poor that Telecom haven't posted anything about this on their Facebook news feed. I see that people who have written on their timeline asking for information have received some pretty defensive replies along the lines of "this has been discussed already" and referring them to a post some third party made about it that would never have appeared on their news feeds. This is not really what I would expect from Telecom.

MackinNZ
450 posts

Ultimate Geek

Lifetime subscriber

  #759403 11-Feb-2013 12:09
Send private message

Does anyone know where these links lead?  Are they phishing for passwords or is there a payload that is downloaded etc.?

I have a few customers who have clicked the link.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | ... | 13
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

New Air Traffic Management Platform and Resilient Buildings a Milestone for Airways
Posted 6-Dec-2023 05:00

Logitech G Launches New Flagship Console Wireless Gaming Headset Astro A50 X
Posted 5-Dec-2023 21:00

NordVPN Helps Users Protect Themselves From Vulnerable Apps
Posted 5-Dec-2023 14:27

First-of-its-Kind Flight Trials Integrate Uncrewed Aircraft Into Controlled Airspace
Posted 5-Dec-2023 13:59

Prodigi Technology Services Announces Strategic Acquisition of Conex
Posted 4-Dec-2023 09:33

Samsung Announces Galaxy AI
Posted 28-Nov-2023 14:48

Epson Launches EH-LS650 Ultra Short Throw Smart Streaming Laser Projector
Posted 28-Nov-2023 14:38

Fitbit Charge 6 Review
Posted 27-Nov-2023 16:21

Cisco Launches New Research Highlighting Gap in Preparedness for AI
Posted 23-Nov-2023 15:50

Seagate Takes Block Storage System to New Heights Reaching 2.5 PB
Posted 23-Nov-2023 15:45

Seagate Nytro 4350 NVMe SSD Delivers Consistent Application Performance and High QoS to Data Centers
Posted 23-Nov-2023 15:38

Amazon Fire TV Stick 4k Max (2nd Generation) Review
Posted 14-Nov-2023 16:17

Over half of New Zealand adults surveyed concerned about AI shopping scams
Posted 3-Nov-2023 10:42

Super Mario Bros. Wonder Launches on Nintendo Switch
Posted 24-Oct-2023 10:56

Google Releases Nest WiFi Pro in New Zealand
Posted 24-Oct-2023 10:18








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







Norton for Gamers






RSS feeds
Main feed
Forums feed
Copyright
©2002-2023 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Affiliate links
Mighty Ape
Sharesies
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.