Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6
Go Hawks!
917 posts

Ultimate Geek
+1 received by user: 61

Trusted
Subscriber

  # 242836 5-Aug-2009 08:58
Send private message

 6. A PC with access to the email database has been compromised. I think this is the most likely case and don't see how whereisglenn can say "nor have we been hacked". Hackers prefer to keep a low profile so how would they know? Firewalls only stop malware being pushed to machines, they do nothing to stop luser from accidentaly pulling malware to their local PC. Can Hell Pizza honestly say that they don't have a staff member with low or modest computer skills that is using IE on a machine which does not have updates turned on? Maybe a laptop brought in from home?



I also suspect that this is the most likely case ... however I cannot say for certain that it's actuall Hell Pizza's machine that's been compromised - there's every chance that a mail log has been published someplace - voila, email addresses.


It is this last case that annoys me because of the denial and refusal to sort the problem. Pity we don't have effective laws or procedures to deal with these people. In one case I was under attack from an Internet cafe where the operator told me they couldn't fix the problem since the machines were used but the public and therefore could not be secured. He had a change of heart when I offered to remotely fix the problem for him by formatting his hard drives using the same security hole he was refusing to fix.



I've not yet followed up on this with Hell Pizza directly (sorry whereisglenn, but how do I know that you can categorically speak for Hell Pizza?) - has anyone else?


We do have anti-spam laws (or at least I thought so).  I've not a lot of faith in the legal system in that way.


I must confess that it's spilled back under my radar, as it would appear that the spam filters are now catching the spam in any case.

2 posts

Wannabe Geek


  # 243162 5-Aug-2009 18:40
Send private message

My ISP is Comcast, so in my case, it had nothing to do with Hell's Pizza. Here are the headers from the e-mail in case anyone is interested:

Return-Path: pdfreader-kjtltr1hjulvtyy1y@cmail3.com
Received: from imta29.emeryville.ca.mail.comcast.net (LHLO
IMTA29.emeryville.ca.mail.comcast.net) (76.96.27.217) by
sz0090.ev.mail.comcast.net with LMTP; Sun, 2 Aug 2009 16:38:15 +0000 (UTC)
Received: from m4.createsend.com ([72.15.222.64])
by IMTA29.emeryville.ca.mail.comcast.net with comcast
id PUeB1c00p1PyQ5U0VUeFvC; Sun, 02 Aug 2009 16:38:15 +0000
X-Authority-Analysis: v=1.0 c=1 a=Qgr8RKwWmLgA:10
a=c1PFaiG4f0Na2aAqKNsWGA==:17 a=4Tu5EdrtAAAA:8 a=C_IRinGWAAAA:8
a=wQ4NbxORAAAA:8 a=tLNmW5npwpZjeH28RnMA:9 a=cX7E-pXX6205zmnuJjYA:7
a=2Vejds4OFo5_zVyToQN1_656JioA:4 a=c6My9_s7WDcA:10 a=CmzApSA3FWQA:10
a=si9q_4b84H0A:10
Received: by m4.createsend.com (PowerMTA(TM) v3.5r11) id hen0fc0hunk7 for ; Sun, 2 Aug 2009 22:26:44 +1000 (envelope-from )
From: "PDF Reader"
To: "[myusername]@comcast.net"
Reply-To: info@adobe-pdf-2009.net
Date: Sun, 02 Aug 2009 21:55:59 +1000
Subject: New PDF Reader For Windows
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Mailer: cmail3.com
X-Complaints-To: abuse@cmail3.com
List-Unsubscribe:
Received: from [95.211.4.198] by cmail3.com via HTTP; Sun, 02 Aug 2009 09:55:59 +1000
Message-ID:


 
 
 
 


BDFL - Memuneh
63279 posts

Uber Geek
+1 received by user: 13826

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 243170 5-Aug-2009 18:50
Send private message
2 posts

Wannabe Geek


  # 243193 5-Aug-2009 19:27
Send private message

freitasm: As I said before - I got this spam and I am not subscribed to Hell Pizza, so it's probably not coming from a leak there.


Not sure I concur. It just means the SPAM has multiple sources of email addresses - which is normal. 
If the only place SOME of the email addresses were given to was Hell Pizzas, then Hell's list (or email log) is compromised. But it doesn't mean Hell's email list is the only list in the world to be compromised.
I also got an almost (but not quite) identical message sent to spotlight@<mydomain> - an email address only ever used to communicate with that company.


14 posts

Geek
+1 received by user: 16


  # 243232 5-Aug-2009 20:47
Send private message

freitasm: As I said before - I got this spam and I am not subscribed to Hell Pizza, so it's probably not coming from a leak there.


I beg to differ.  I think who ever compromised Hell Pizza's database was likely to have compromised other databases or even just brought email lists and amalgamated them.  It would be interesting to hear back from Hell Pizza as it may be they employed some other company to handle the web services and that service provider is the actual source of the leak.  In that case several companies would have their reputation tarnished by simply choosing the wrong company to handle their web presences.

Of course that is just speculation on my part.  If you don't agree then I would be interested to hear your theory of how I came to receive an email from them addressed to hell@mydomain?

BDFL - Memuneh
63279 posts

Uber Geek
+1 received by user: 13826

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 243288 5-Aug-2009 22:39
Send private message

ukoda:
freitasm: As I said before - I got this spam and I am not subscribed to Hell Pizza, so it's probably not coming from a leak there.


I beg to differ.  I think who ever compromised Hell Pizza's database was likely to have compromised other databases or even just brought email lists and amalgamated them. 


Big, heavy sentence there... "who ever (sic) compromised Hell Pizza's database" sounds like there was indeed a breach...

ukoda: Of course that is just speculation on my part.  If you don't agree then I would be interested to hear your theory of how I came to receive an email from them addressed to hell@mydomain?


Just read my first post again. There are dictionary attacks and spammers use those frequently. "hell@" is not hard to guess/use/attack.

A dictionary attacks requires the spammer to send emails to a domain using common words from a dictionary. Whatever bounces is invalid, whatever is accepted is a good email for them. Easy. And no "database compromise".






14 posts

Geek
+1 received by user: 16


  # 243306 5-Aug-2009 23:25
Send private message

freitasm:
Just read my first post again. There are dictionary attacks and spammers use those frequently. "hell@" is not hard to guess/use/attack.

A dictionary attacks requires the spammer to send emails to a domain using common words from a dictionary. Whatever bounces is invalid, whatever is accepted is a good email for them. Easy. And no "database compromise".

Yes, I covered that option in an earlier post.  Since I have a catchall in place I would see anything from a dictionary attack and I have been surprised to see them only occasionally.  Clearly it could have been a dictionary attack since hell is such a short  word but I think a compromised PC is more likely.  Of course since it is unlikely we will never know for sure in this case.

Interestingly a dictionary attack was one of the explanations offered when houseoftravel@mydomain was heavily spammed.  Given the word houseoftravel is actually three words joined I though it a poor attempt to deflect attention.

BDFL - Memuneh
63279 posts

Uber Geek
+1 received by user: 13826

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 243309 5-Aug-2009 23:28
Send private message

In that case "houseoftravel" is unlikely to be a dictionary attack. But "hell" is more likely.

Anyway... I really don't care much. It's rare to get spam in my Inbox. Exchange does a good job these days.




1 post

Wannabe Geek


  # 244405 9-Aug-2009 12:12
Send private message

I just got much the same thing.  It is misleading, using Adobe's name and the good name of OpenOffice.  It is trying just a little too hard for credibility.  Last I heard nothing legitimate operated out of Panama.

1 post

Wannabe Geek


# 246729 14-Aug-2009 17:45
Send private message

This phishing attack was quite interesting. I received the same message at three different email accounts, all at the same time and all proper operating addresses.

One address was registered with Chaos Music in Australia - and not used anywhere else - the second was BrightKite - social networking site and again not used anywhere else - and the third at my primary account which is usually pretty spam free.

I utilise a catch-all on my mail server - so I can register site specific addresses and know where potential leaks have come from - and did not receive the email at any other address in the same domain which says to me that it wasn't a pure dictionary attack but very targetted.




In-depth TV news, reviews & interviews -
Boxcutters podcast
- fresh every Monday night



1574 posts

Uber Geek
+1 received by user: 11


  # 247309 16-Aug-2009 19:04
Send private message

Just received another email for this fake/scam "product". This time it was received from 'update@adobe-pdf2009.com' as opposed to 'info@adobe-pdf-2009.net' on the first email.

Anyone else just get this?


Subject line: Update New Version PDF Reader For Windows And Mac


PDF Reader 2009 - New Version for Windows and Mac
The latest PDF Reader: Open, Edit & Create PDF Files

http://www.adobe-pdf2009.com/

Included in this package:

OpenOffice Suite - Get things done more quickly and improve your work
efficiency.

-Open, edit and view all PDF files.
-Enhanced performance with faster loading and zooming.
-Collect your data and combine it into a high quality document.

http://www.adobe-pdf2009.com/


Download the complete Office solution today and also receive free
updates and 24/7 customer support.

"Since the 90's, PDF has become the standard file format for document
exchange." - Adobe

http://www.adobe-pdf2009.com/


Thank you for choosing us, the worldwide leader in PDF Reader
Solutions.

Best Regards,

Matthews Norman
PDF Reader 2009



14 posts

Geek
+1 received by user: 16


  # 247395 16-Aug-2009 22:29
Send private message

dontpanic42: Just received another email for this fake/scam "product". This time it was received from 'update@adobe-pdf2009.com' as opposed to 'info@adobe-pdf-2009.net' on the first email.

Anyone else just get this?


Yep, just got that one too.  Again it was addressed to the email address I gave only to Hell Pizza.  I note Hell Pizza have still not replied to my please explain email.  Has anyone heard back from them?  They have had plently of time to investigate the issue!

1 post

Wannabe Geek


  # 247848 17-Aug-2009 19:19
Send private message

Today I received the same spam message twice at the email address that I have registered with Hell. Sounds like Hell need to admit they have been compromised - how about free wedges for everyone's next order? ;)



1574 posts

Uber Geek
+1 received by user: 11


  # 247851 17-Aug-2009 19:24
Send private message

geekindenial: Today I received the same spam message twice at the email address that I have registered with Hell. Sounds like Hell need to admit they have been compromised - how about free wedges for everyone's next order? ;)


I got it twice as well. Roughly three hours apart.

188 posts

Master Geek
+1 received by user: 9

Subscriber

  # 247963 17-Aug-2009 22:50
Send private message

I wonder if the third party email marketing system they have used (mailprimer.com) has been compromised. That might explain why emails used at other companies have been spammed as well.

1 | 2 | 3 | 4 | 5 | 6
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41


Nokia 9 PureView available in New Zealand
Posted 6-May-2019 09:06


Motorola Solutions joins local partners to deliver advanced communications network in New Zealand
Posted 30-Apr-2019 21:50



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.