[kwlug-disc] OT: Hotmail/Yahoo account breakins
unsolicited at swiz.ca
Thu Feb 14 21:32:51 EST 2013
Worth forwarding all accounts to your trusted / preferred server, where
you can use your (sandboxed?) trusted e-mail client / browser/e-mail
combo? (Isn't gmail supposed to have some pretty good malware detection
In that client you could set up connections so even these go out on the
associated (yahoo/hotmail/gmail) smtp server, but at least you're
receiving everything via your one trusted self / internet conduit.
gmail will let you send out as whomever you want (after a verification
process), albeit the headers will reveal it came via a gmail smtp.
Presumably most, most of the time, won't care. IIRC, even such messages
routed out via gmail don't show your gmail address, just the
yahoo/hotmail/whatever one, even though it went out via a gmail smtp server.
Something else not mentioned thus far: only read e-mail in plain text.
Switching to non-plain text on a per message, judicious, basis.
(Perhaps it is HTML e-mail itself that created these holes / problems
for the world, in the first place.)
I'm guessing from Paul's original message he can't prevent his users
from using servers other than his own, within which he could establish a
sanitizer - clamav?
On 13-02-14 07:42 PM, Khalid Baheyeldin wrote:
> I have been bitten by this email hijack.
> For regular browsing, I use Firefox with NoScript, and disable all
> Facebook because it is not functional without it, ...etc.)
> Chromium, and fire it up as needed, and paste the URL.
> and don't degrade gracefully. So I use those on Chromium once a week or
> once a month.
> My Yahoo Mail was taken over, and someone was sending emails with links to
> my contacts with malicious links. I changed the password in Yahoo Mail, and
> the problem went away.
> but I don't recall clicking on any of the links sent by anyone.
> I have NEVER ever used Yahoo Mail or Hotmail on a mobile device, so that is
> not the attack vector for sure.
More information about the kwlug-disc