
Re: [LUG] .bad apple.

 

On 27/03/13 23:21, bad apple wrote:
> http://www.seguridadseisavi.com/jrohpdvk/xxsjy.ropcs?myoj  
>
>

Oh fucking hell, not again...

So, just got back in from a job and checked my email: behold, my
throwaway yahoo account used for Freecycle, this mailing list and others
has once again been spewing spam to valid accounts from my contact list,
including here. Lots of bounce messages from the yahoo mail servers and
presumably several angry emails to be arriving tomorrow when the
recipients get them. Once again, the mails contain obvious malware
links. Fantastic.

Just as before, this email is accessed purely from my current home
workstation and not any of my laptops, phones or other devices and has
never been accessed from outside this house. Specifically, this account
runs from my main Thunderbird instance on this box only and it doesn't
remember the password (manually entered on connect and first send).
Following the last occurrence, I habitually change my yahoo password
every month to an uncrackable 30-character random string (mixed
case, special characters and digits) kept in a password manager: it has
to be copy/pasted because it's way too long to remember.

This workstation is still a hardened Debian install - as you guys
probably know by now, not only do I seriously know what I'm doing, I'm
positively lunatic-level obsessive about security. There is no chance
this machine has been compromised, and I've already had it offline since
I got back in for a rootkit sweep and a check against my daily tripwire
checksums. Nothing at my end, basically. If this box had been
compromised there is so much juicy stuff on it that the last thing the
attacker would give a shit about is swiping my pointless yahoo password
anyway, literally the keys to the kingdom are on this machine (my ssh
keys to numerous client sites would be a better target, just for a start).

This time it's worse than before: I immediately tried to change my
password manually on the yahoo website and there's a new security
question that I didn't put there. It accepted my initial password
though, which implies my password is unchanged but it's now known to
someone else who isn't me - I'll find out for sure when I try and send
this email from Thunderbird.

So, WTF?

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq