[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Apr 23, 2013 11:52 PM, "Simon Waters" wrote:
> The other accesses I've seen were from Brazil and America amongst
> others, so I think all you can say confidently is bots exist in
> Banglasdesh as well. I doubt they are using bots for some, and their own
> IPs for others, the bad guys are more organized than that.
Sure - we shouldn't read too much into the IP location unless there is a wider trend.
> My guess is it is automated exploit using stolen or guessed credentials.
> Looking at the Yahoo cookie handling, it doesn't look too sophisticated,
> so if you browse another website with the cookie still in your cookie
> jar and Yahoo have another XSS vulnerability somewhere in their domain
> (likely)...
That would be my guess too. Except that I hadn't used this account for over a year (and even back then only a few times). And my PC, the only place where I has ever accessed the account from, had been off for a week because I was abroad.
Still, I could have missed something somewhere. But there is bad apple's case too. And others. I know of someone's test account, used once to email another account, that ended up being compromised.
Martijn.
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq