[kwlug-disc] OT: Hotmail/Yahoo account breakins

unsolicited unsolicited at swiz.ca
Thu Feb 28 00:22:52 EST 2013


When it happened to you, this was on your gmail account?

i.e. From prior in the thread, this seems to have been more prevalent 
recently with hotmail / yahoo / rogers. And also from earlier in the 
thread, it is expected that the XSS attack vectors (code) aren't 
precisely the same between providers. So, your message is the first to 
add gmail to the list - if it was your gmail you are talking about here.

Given you sent this via your cell, that seems to be adding Android (I 
presume) to the list of in play current victims? XSS even?

An earlier comment alluded to gmail appearing to be better at spam 
control, is -part- of the solution here to ditch hotmail / yahoo / 
rogers? (Let alone focus on using firefox and associated addons, vs 
other browsers available out there?)

On 13-02-27 10:55 PM, chaslinux at gmail.com wrote:
> I've noticed the same and had people come in asking what to do about
> all the spam they've been getting from friends. (and I too sent out
> some spam a couple of weeks back, likely cross-site scripting. Oddly
> only a few contacts got sent spam, not the hundreds in my gmail
> address book)
>
> Much of what I've been seeing is link spam.
>
> Blog: http://www.charlesmccolm.com/
> www: http://www.rebuild-it.com/
> Sent from my cell phone.
>
> -----Original Message----- From: Rashkae <rashkae at tigershaunt.com>
>
> On 02/27/2013 10:17 PM, John Kerr wrote:
>
>> Is this a bigger problem than anyone inside or outside of Yahoo
>> Hotmail wants to admit to? I ask rhetorically.

So much for rhetorical?

> There has been a really big problem that started about midway last
> week. Usually, I get one or two people on my client list per year
> with a compromised e-mail account.  But as of last week, just about
> everyone I know with Yahoo (Rogers) accounts has been hit.
>
> One of them didn't even ever use (or know they had) webmail (POP
> only), so it probably wasn't the XSS exploit most people seem to be
> assuming at play.  I've had no luck finding anyone able/willing to
> explain this latest tsunami of compromised e-mail accounts.


