[kwlug-disc] OT: Hotmail/Yahoo account breakins

Paul Nijjar paul_nijjar at yahoo.ca
Sat Feb 16 12:20:04 EST 2013

On Fri, Feb 15, 2013 at 07:38:01PM -0500, Khalid Baheyeldin wrote:
> On Fri, Feb 15, 2013 at 12:53 AM, unsolicited <unsolicited at swiz.ca> wrote:
> >>
> >> In theory, yes.
> >>
> >> But not all services provide forwarding nor POP/IMAP (AFAIK, only Gmail
> >> allows it).
> >>
> >
> > MANY do, including hotmail and yahoo. Live, gmail, rogers, the list goes
> > on.

> All of them have forwarding and POP/IMAP. But Gmail is the only one
> to have these features free of charge.

In my investigations, I found that yahoo.ca had POP servers available
for free but that yahoo.com did not.

In looking through this thread I am trying to figure out good advice
to give to (somewhat computer anxious) computer users. So far I have:

- Use NoScript (which I probably will not give as advice)
- Open links in separate browsers
- Be wary of weird links and attachments (and check that the URL does
  not secretly point to a malware site)
- Change your password after an attack
- Don't stay logged into your email?
- Use plain text email to stop link spoofing
- Stop using email 

Anything else?

I am still looking for confirmed stories about how these vectors
attack. We have lots of speculation (and it is telling that everybody
has different theories) but not much evidence.

- Paul

More information about the kwlug-disc mailing list