Geekzone: technology news, blogs, forums


196 posts

Master Geek


  #797005 10-Apr-2013 10:21

plambrechtsen: For those that have had their accounts used for spamming.  If you could login to the Yahoo Login History page:

https://api.login.yahoo.com/login/history

And then email me the results of that (changing the dropdown from location to IP address) I would be interested to know.  Again to "pl at telecom.co.nz".

Plus any recent spam sent or received from the xtra or yahoo.co.nz domains would be appreciated.  And as always mail headers are essential :)

We are continuing to work with our partner Yahoo on this......


I have sent this to you in full

the suspect lines read as follows


Yesterday | 1:29 PM | Browser | Mail Access | Dominican Republic
1:29 PM | Yahoo!Xtra Mobile | Logged In | Dominican Republic



196 posts

Master Geek


  #797010 10-Apr-2013 10:28

humvee:
plambrechtsen: For those that have had their accounts used for spamming.  If you could login to the Yahoo Login History page:

https://api.login.yahoo.com/login/history

And then email me the results of that (changing the dropdown from location to IP address) I would be interested to know.  Again to "pl at telecom.co.nz".

Plus any recent spam sent or received from the xtra or yahoo.co.nz domains would be appreciated.  And as always mail headers are essential :)

We are continuing to work with our partner Yahoo on this......


I have sent this to you in full

the suspect lines read as follows


Yesterday | 1:29 PM | Browser | Mail Access | Dominican Republic
1:29 PM | Yahoo!Xtra Mobile | Logged In | Dominican Republic





6 Apr, 2013 | 8:14 AM | Browser | Logged In | 194.51.125.2
6 Apr, 2013 | 7:55 AM | Browser | Logged in to Mail | 194.51.125.2

 
 
 
 


Awesome
4881 posts

Uber Geek

Trusted
Subscriber

  #797038 10-Apr-2013 11:27

Damager: Got spam also from a friend on xtra.. Thing is, just talking to her now.. She closed that Xtra account 3 years ago.. Why are these accounts still open?


It's pretty clear that accounts are not being compromised by phishing. With people who never access or use their accounts getting hacked they are obviously getting in another way.

It seems Yahoo's approach of simply changing the password doesn't work. It's just a band aid. Clearly it slows the hackers down but as people are reporting, they are getting back in.

This is just a joke, as is that latest press release from Telecom. They say they are working to implement an easier system to alert people when they get hacked, but seem to be ignoring the fact that the Yahoo mail platform seems fundamentally vulnerable.




Twitter: ajobbins


BDFL - Memuneh
67781 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #797050 10-Apr-2013 11:37

As I said in my blog post, when I contacted Yahoo! to clarify the misinformation they claimed was going around during the first occurrence of this problem, they replied with this:

"It’s not appropriate to disclose that information as these details could be misused and may assist a hacker in the future."

So either they had no intention of fixing it, or had no idea what was happening and how to fix it, or something along these lines.

Security by obscurity doesn't work.

Telecom should clearly spell out in the contract that Yahoo! should get things fixed.




 

 



22884 posts

Uber Geek

Trusted
Lifetime subscriber

  #797051 10-Apr-2013 11:38

ajobbins:
Damager: Got spam also from a friend on xtra.. Thing is, just talking to her now.. She closed that Xtra account 3 years ago.. Why are these accounts still open?


It's pretty clear that accounts are not being compromised by phishing. With people who never access or use their accounts getting hacked they are obviously getting in another way.

It seems Yahoo's approach of simply changing the password doesn't work. It's just a band aid. Clearly it slows the hackers down but as people are reporting, they are getting back in.

This is just a joke, as is that latest press release from Telecom. They say they are working to implement an easier system to alert people when they get hacked, but seem to be ignoring the fact that the Yahoo mail platform seems fundamentally vulnerable.


I agree with this. Whilst the efforts of the staff who frequent this forum are appreciated, it beggars belief (Or is it actually back to the bad old days of Telecom behaviour) that Xtra continue to take such a passive approach to it. It's hard to believe they could not monitor this and be a little more honest and forthcoming. 

It's either been mismanaged or they don't have the control they should have over the situation. 

My belief is that XTRA is quite fundamentally separated from the Yahoo management of their email which isn't good business. 

22884 posts

Uber Geek

Trusted
Lifetime subscriber

  #797052 10-Apr-2013 11:39

freitasm: As I said in my blog post, when I contacted Yahoo! to clarify the misinformation they claimed was going around during the first occurrence of this problem, they replied with this:

"It’s not appropriate to disclose that information as these details could be misused and may assist a hacker in the future."

So either they had no intention of fixing it, or had no idea what was happening and how to fix it, or something along these lines.

Security by obscurity doesn't work.

Telecom should clearly spell out in the contract that Yahoo! should get things fixed.


This feels very much like the problems with the new Telecom XT Network when it kept going down. Xtra have not taken a hard enough line (or can't) with Yahoo over this. 



4 posts

Wannabe Geek


  #797062 10-Apr-2013 11:44

That login activity report is the bomb.......

Using the Login activity logs

Mine was 5.248.150.180 which resolved to Netherlands as the place. It was 1 minute before all my contacts got a nice spam attack with potential virus software links.

Some replied back to me asking if I think they need to lose weight, as they pressed on the link and got sent to a weight loss site.  They might find they start shedding some currency instead of weight!!!!

Good luck xtra/yahoo....I really hope you solve it, however reading through the forum, this attack seems to have some complexity.

 
 
 
 


Mad Scientist
22570 posts

Uber Geek

Trusted
Lifetime subscriber

  #797064 10-Apr-2013 11:49

If I never use my login could I have been hacked? If so they got my password from WHERE???




Involuntary autocorrect in operation on mobile device. Apologies in advance.


BDFL - Memuneh
67781 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #797066 10-Apr-2013 11:50

Previous discussions point to a cross site exploit. But we don't know for sure.




 

 



22884 posts

Uber Geek

Trusted
Lifetime subscriber

  #797067 10-Apr-2013 11:50

Lockedbag: That login activity report is the bomb.......

Using the Login activity logs

Mine was 5.248.150.180 which resolved to Netherlands as the place. It was 1 minute before all my contacts got a nice spam attack with potential virus software links.

Some replied back to me asking if I think they need to lose weight, as they pressed on the link and got sent to a weight loss site.  They might find they start shedding some currency instead of weight!!!!

Good luck xtra/yahoo....I really hope you solve it, however reading through the forum, this attack seems to have some complexity.


heh if money comes out of their wallet, indirectly they will weigh less so I guess the commerce commission couldn't have too much of an issue :) 


173 posts

Master Geek


  #797113 10-Apr-2013 12:38

Looks like my account was used yesterday to send spam.
I only knew that because it sent one out to my work email address.

1948 posts

Uber Geek
Inactive user


  #797120 10-Apr-2013 12:50

joker97: If I never use my login could I have been hacked? If so they got my password from WHERE???


Do you use an insecure password (something short with just a word), or something with uppers, lowers and numbers?

I am right in the middle of this working directly with Yahoo, so can't comment on any further things.

But I can say that a number of geekzoners here have provided extremely useful information that has been fed directly back to Yahoo and is very much appreciated.

173 posts

Master Geek


  #797127 10-Apr-2013 13:06

I sent through the log from yesterday.

Up till now I just was using the original password that telecom sent out when it was jetstream for broadband.
It was a word + number

1990 posts

Uber Geek

Trusted
Subscriber

  #797195 10-Apr-2013 14:53

Does anyone know what malware is installed when clicking on the link?

Looks like my dad clicked the link (don't even get me started) and was taken to some Chinese looking site.
He then noticed a large amount of his cap (circa 5GB) was used over a period of around 6 hours today.

Heading round tonight to try and clean it up but it would help if there were a starting point of what to look for.




CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 


1948 posts

Uber Geek
Inactive user


  #797201 10-Apr-2013 15:11

mentalinc: Does anyone know what malware is installed when clicking on the link?

Looks like my dad clicked the link (don't even get me started) and was taken to some Chinese looking site.
He then noticed a large amount of his cap (circa 5GB) was used over a period of around 6 hours today.

Heading round tonight to try and clean it up but it would help if there were a starting point of what to look for.


Sorry I haven't done any investigation into the payload.  There are a few different spam emails I have seen thus far.

The ones I first saw were just a weightloss site, but your one may be different and there could be the possibility that your email account has now been harvested for any useful information.  If I could get a copy of the headers & payload URL that would be useful to ensure it's already been captured.

I would highly recommend running full anti-virus/malware, using "netstat -na" once all apps are shutdown to make sure it's not making any outbound connections and normal cleanup after the fact work.
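
The `netstat -na` check recommended in the post above, as an added example that is not part of the original thread: it reads saved `netstat -na` output (Windows or Linux layout) and keeps only active TCP connections whose remote end is outside the local network. The sample output, the addresses in it and the function names are constructed for illustration.

```python
import ipaddress

# Ranges treated as "local" and ignored: loopback, RFC 1918, link-local, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# TCP states that mean a connection is open or being opened.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT", "CLOSE_WAIT"}

# Constructed sample output (documentation addresses), Windows and Linux layouts.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED
  TCP    192.168.1.20:49210     192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.20:49344     203.0.113.45:8080      ESTABLISHED
  TCP    192.168.1.20:49350     198.51.100.7:25        SYN_SENT
  TCP    [::1]:445              [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
tcp        0      0 10.0.0.5:51514          203.0.113.45:443        ESTABLISHED
"""

def remote_ip(endpoint):
    """Parse the address from 'a.b.c.d:port', '[v6]:port' or 'v6:port'."""
    host = endpoint.rpartition(":")[0].strip("[]").split("%")[0]
    return ipaddress.ip_address(host)   # raises ValueError on '*' etc.

def external_connections(netstat_text):
    """Return (local, remote, state) for active TCP connections leaving the LAN."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows: Proto Local Foreign State; Linux adds Recv-Q and Send-Q.
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        local, remote, state = fields[-3], fields[-2], fields[-1].upper()
        if state not in ACTIVE_STATES:
            continue
        try:
            ip = remote_ip(remote)
        except ValueError:
            continue
        if not any(ip in net for net in LOCAL_NETS):
            hits.append((local, remote, state))
    return hits

if __name__ == "__main__":
    for local, remote, state in external_connections(SAMPLE):
        print(f"{state:12} {local} -> {remote}")
```

With every application closed, anything this still lists is worth tracing back to the process that owns it.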
