Re: [LUG] (no subject)

On 03/04/12 19:45, badapple wrote:
> 
> I have *never* used the yahoo webmail interface to send an email.

Although, is it not the same password as other Yahoo services? i.e. do
you use the Yahoo credentials anywhere else?

The Japanese link was interesting, but may not lead anywhere, nor is it
likely the exploiters would be near where the exploit took place. i.e.
simply because you have an interest in Anime and the first check was in
Japan doesn't mean much; Japan has 5 to 10% of the Internet hosts, and you
probably also have interests in other countries.

> I don't have an address book on yahoo and the email
> gummy_bear1973@xxxxxxxxxxx is completely unknown to me (and currently
> under investigation).

Google had precisely one hit, a big list of games email addresses.

http://www.ulti mate-game-mods.com/mailbase.txt

Although tread carefully here, as something in the handling of this site
managed to cache an affiliate redirect to "theremovevirustool.com" which
has a shady reputation.

I'm assuming that it probably sent a redirect when I requested the file,
so maybe some sort of occasional web redirect in the site's configuration,
as I couldn't reproduce it. Still a little unnerving.

> There is no way my machine-generated strong password has been
> compromised.

The strength of the password is irrelevant for most compromises. This
does seem the most likely route. If it were a Yahoo API compromise we
would likely be flooded with email from spammers trying to maximize the
exploit before it is closed, since getting hold of lists of Yahoo
accounts isn't hard.

> Please stop telling me I've been keylogged because it's not the case!

I think it unlikely, but it pays not to assume things.

Was the Yahoo password stored in a browser password store? As that opens
a whole load of routes of attack.

If the password is only used for email using regular email clients, and
the connection between clients and Yahoo is suitably encrypted, it would
suggest local compromise of some sort.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq