[kwlug-disc] OT: Hotmail/Yahoo account breakins

Khalid Baheyeldin kb at 2bits.com
Thu Feb 14 19:42:45 EST 2013

I have been bitten by this email hijack.

For regular browsing, I use Firefox with NoScript, and disable all
Javascript and Flash for all sites, except a select few (Google for Gmail,
Facebook because it is not functional without it, ...etc.)

For surfing the occasional site that I need Javascript or Flash on, I use
Chromium, and fire it up as needed, and paste the URL.

Yahoo Mail and Hotmail, which I only use occasionally, require Javascript
and don't degrade gracefully. So I use those on Chromium once a week or
once a month.

My Yahoo Mail was taken over, and someone was sending emails with links to
my contacts with malicious links. I changed the password in Yahoo Mail, and
the problem went away.

So, my conclusion is that Javascript seems to be the culprit, or maybe XSS,
but I don't recall clicking on any of the links sent by anyone.

I have NEVER ever used Yahoo Mail or Hotmail on a mobile device, so that is
not the attack vector for sure.

Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20130214/c6889443/attachment.html>

More information about the kwlug-disc mailing list