[kwlug-disc] OT: Hotmail/Yahoo account breakins

[Khalid Baheyeldin]

On Thu, Feb 14, 2013 at 9:32 PM, unsolicited <unsolicited at swiz.ca> wrote:

> Worth forwarding all accounts to your trusted / preferred server, where
> you can use your (sandboxed?) trusted e-mail client / browser/e-mail combo?
> (Isn't gmail supposed to have some pretty good malware detection behind it?)
>

In theory, yes.

But not all services provide forwarding nor POP/IMAP (AFAIK, only Gmail
allows it).

Further more, I used Gmail for its features, like spam protection,
threading, good compose features, ...etc.

And I don't want to run my own POP/IMAP server.

And the attack vector was not Gmail. It was definitely Chromium and Yahoo
Mail.

So all of that does not solve anything in this case.

Something else not mentioned thus far: only read e-mail in plain text.
> Switching to non-plain text on a per message, judicious, basis.
>

If someone sends you a URL, and you have plain text email in your client,
and you copy and paste it, then it is the same as clicking it from HTML.


-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20130214/342e9f5b/attachment.htm>