Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7
2869 posts

Uber Geek

Trusted
Lifetime subscriber

  #797203 10-Apr-2013 15:21
Send private message

Telecom certainly on the ball so thanks to you and your guys Peter.

Had a call earlier today about my account being compromised and asking for the same info you had asked for and have also emailed me so even though its an inconvenience its not the end of the world.




Galaxy S10

 

Garmin  Fenix 5




1990 posts

Uber Geek

Trusted
Subscriber

  #797224 10-Apr-2013 16:01
Send private message

plambrechtsen:
 If I could get a copy of the headers & payload URL that would be useful to ensure it's already been captured.


PM sent with the details.





CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB:  Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

 

 


 
 
 
 




196 posts

Master Geek


  #797227 10-Apr-2013 16:17
Send private message

plambrechtsen:
joker97: if i never use my login could i have been hacked? if so they got my password from WHERE???


Do you use an insecure password (something short with just a word). Or something with uppers, lowers and numbers.

I am right in the middle of this working directly with Yahoo, so can't comment on any further things.

But I can say that a number of geekzoners here have provided extremely useful information that has been fed directly back to Yahoo and is very much appreciated.


The account that was breached that i know password For was 2 words 1 number 7 chars total.

aw

273 posts

Ultimate Geek


  #797265 10-Apr-2013 17:29
Send private message

Checked out the payload of the messages I got on a deliberately insecure VM with WinXP and IE6 - just diet scams, no apparent exploits - but the spammer could be acting for multiple "vendors" for all we know.

BDFL - Memuneh
67787 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #797308 10-Apr-2013 18:39
Send private message

Just received from Telecom:


Update on today’s Yahoo Xtra suspicious email incident:

Telecom is implementing tonight a new, simpler, process to protect customers whose accounts appear to have been compromised in a new malicious email incident over the past 24 hours or so. A compromised account means that the customer’s email account is potentially being misused to send suspicious emails.

The new process, which was committed to in our email review announcement last Friday, means that affected customers who usually log onto their Yahoo! Xtra email via webmail (internet) will tonight be automatically directed to a web page that steps them through how to change their password and make any necessary changes to their account settings.

All affected customers, including those who access their Yahoo! Xtra email via other methods, such as Outlook mail or other email applications, will receive an email tonight, advising them to change their password immediately. The email will direct them to the Telecom website.

To recap: late Tuesday afternoon Telecom had reports that some Yahoo! Xtra customers were receiving suspicious looking emails. As in the previous February incident, these emails appeared to be from one of their contacts, but contained an embedded link to a potentially malicious website.

We began urgent investigations with our email provider Yahoo! to identify the source of this latest issue.  This included submitting examples of these suspicious emails for Yahoo! to analyse and attempt to trace the source. Based on this analysis, Yahoo! implemented some additional security protocols. 

If a customer’s email account has potentially been compromised, previous experience has shown that the most effective way to re-secure their account is to change their email password.

We would again like to sincerely apologise to all of our customers who have been affected by this latest incident – in particular those whose accounts have been misused to send suspicious emails, as well as those who have received such emails. It is extremely disappointing to us that this incident seems to have recurred and we are in active discussions with Yahoo! to gain a better understanding of the cause of this latest incident.

Further background

The reality of today’s online world means that all email providers are engaged in a continuous battle against online crime, malicious emails and spam. As one of the world’s biggest providers of email services, Yahoo! is at the front line of this battle and alone blocks more than 600 billion spam messages a month.

It is important for customers to realise that simply receiving a suspicious email does not indicate that their account has been compromised. We advise customers who have received mail that they believe is spam, even from a known contact, to delete immediately and never to click on suspicious links contained within emails. 

Telecom announced last Friday it is continuing to offer its Yahoo! Xtra email service with Yahoo! as our email provider, after receiving strong feedback from customers around the high value they place on the service, and obtaining a commitment from Yahoo! to work with Telecom to improve the customer experience and respond to security issues.  





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


622 posts

Ultimate Geek


  #797314 10-Apr-2013 18:42
Send private message

still that may fix the hacked accounts and ones used for spamming but still hasnt fixed the pop/imap
auth error which clears for 5 minute after webmail login :)

but for now I can live with it.. forwarding to gmail no doubt it a months time it mysteriously fix itself

2869 posts

Uber Geek

Trusted
Lifetime subscriber

  #797319 10-Apr-2013 18:46
Send private message

what I received after a phone call, all very efficient, suitably impressed


"Secure Email – Telecom Xtra Security Team, TT#

Discussion Thread
Our Response Via Email (Sophia N) 10/04/2013 10:29
Good Morning Mr.
As per our conversation over the phone, We have been notified by Yahoo! that your Xtra Email account maybe compromised (e.g. sending out Spam).
In order to find out where the source of this is coming from, we require the following information:
When was the last time you had or attempted to log into webmail?
What is your current Xtra Email Password?
When was the last time your email password was changed?
We also require the following -
Login into: [url removed]
Provide the last 5 login attempts, including date, time and country.
If at all possible, please provide the full email headers for any suspicious emails that appear in your inbox.
To get email headers, please see the following links:
Webmail: http://telecom.custhelp.com/app/answers/detail/a_id/4019
Email Client: [url removed]
Once you have provided this information, please follow the link below to change your password to secure the email account: [url removed]
Thank you for your time and assistance
Kind regards,
Sophia

---------------------------------------
Complex Technical Support
Telecom New Zealand Limited
--------------------------------------- "




Galaxy S10

 

Garmin  Fenix 5




 
 
 
 


2869 posts

Uber Geek

Trusted
Lifetime subscriber

  #797320 10-Apr-2013 18:47
Send private message

kiwigeek1: still that may fix the hacked accounts and ones used for spamming but still hasnt fixed the pop/imap
auth error which clears for 5 minute after webmail login :)

but for now I can live with it.. forwarding to gmail no doubt it a months time it mysteriously fix itself


mine has been fine so haven't forwarded to gmail as of yet




Galaxy S10

 

Garmin  Fenix 5




100 posts

Master Geek


  #797723 11-Apr-2013 12:33

The problem is right across yahoo mail servers. From BTInternet.com (yahoo hosts BT mail) to yahoo.com itself

I have been receiving spam from user accounts at BTinternet.com and yahoo.com for the past month or so.  oh and xtra.co.nz...

I think people need to check that they are not using "remember me" when logging to a yahoo service

1332 posts

Uber Geek
Inactive user


  #797977 11-Apr-2013 19:06
Send private message

Haha! How is this still an issue? I don't see Google Mail or Microsoft Live being repeatedly breached on a massive scale...

2754 posts

Uber Geek

Trusted

  #797989 11-Apr-2013 19:22
Send private message

I just got a message from a Yahoo account (one of my friends) and the suspicious link is something like "seracoustic". That was part of the link I got...




Sony

 

--

 

NZ TechBlog Follow me on Twitter | My Geekzone blog | Sharesies Referral | Electric Kiwi Referral | UberEats Referral Code: eats-17atx


BDFL - Memuneh
67787 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #798210 12-Apr-2013 08:43
Send private message




 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


8414 posts

Uber Geek

Subscriber

  #798359 12-Apr-2013 12:54
Send private message

freitasm: Telecom urges customers to solve Yahoo!Xtra issues by not using Yahoo!Xtra

And yes that is a parody web site...


There's some truth in that article.. Wink




Regards,

Old3eyes


622 posts

Ultimate Geek


  #798440 12-Apr-2013 14:41
Send private message

after reading article..
alas though I never did anything wrong,and have high security as well.. pop3/imap just stopped working no changes no pwd changes even but it always worked prior to the first spamming that happened

and I dont believe some of the spammed accounts were due to dummy users and lack of security

I believe the accounts got hacked.. and I think mine is still being brute forced but since I have a complex
password it will take them much longer

also cos pop3 is block after 5min of unfreezing it by logging in via the webpage will be protecting it
from the bruteforce hack going on if theres one..

forwarding the email to gmail is the only solutuon to me

our accounts so far havent been hacked.. cos we dont use dictionary words and just numbers

4046 posts

Uber Geek


  #798463 12-Apr-2013 15:35
Send private message

It certainly sniffs of the cause being either new accounts only, or easy PW brute/dictionary attack. But possibly not given my account(s)

Mine is a complex alphanumeric. It was a 'temporary' account PW given via a random generator at the front desk of CyberXpress (anyone remember them!) when I signed up. And its stuck to date since its one I could remember from using it frequently enough.

So my account so far is either Complex and random enough its not been touched. Or its due to the account being there for the past 15 or so years or pre-yahoo outsource.

However.. My yahoo.com.au group signup account.. is another story. Not common dictionary standard word with replaced numeric chars. And it got accessed from some random server in the original attack.

Tip for family with issues comming up with complex passwords.. print out their favourite song. (or kids nursery rhyme) use the first letters of each word in a verse, and replace with numerics as you see fit.

That wat its easy-ish to remember. And in your face without anyone realising.

IE..

Humpty dumpty sat on a wall, humpty dumpty had a great fall

Would become Hd5oawhdha6f  or similar.

1 | 2 | 3 | 4 | 5 | 6 | 7
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic




News »

Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35


UFB hits more than one million connections
Posted 6-Aug-2020 09:42


D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01


New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35


Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21


Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11


Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05


Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26


Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07


Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45


Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48


Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50


Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00


Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51


QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.