-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 13/10/2015 7:15 PM, Jochen Spieker wrote: > Stuart Longland: I had a similar case on my self-administered mail > host. A friend of mine has an account there and random hosts from > all over the world used his credentials to send legitimately > looking spam. We never found out how this happened but changing the > password was enough to make it stop.
Odds on it was open WiFi somewhere, people trust public WiFi ... I cannot understand why. It is patently stupid [or ignorant at best] to use public [or otherwise open] WiFi -- if you don't run it yourself or you totally trust the person whom is running it, then leave it alone. Linus had quite a fit over OpenSuSE handling of WiFi networks; it was asking for root password to enable the WiFi (amongst other things) -- that I think is absolutely the right way to do this. Admins should allow network access specifically, not ordinary users, let alone Linus' daughter whom otherwise should never need to know the root password. Of course, using VPN for everything and I do mean everything on an untrusted WiFi /may/ help, but you better not be running an insecure VPN like PPTP. Cheers A. [1] https://plus.google.com/+LinusTorvalds/posts/1vyfmNCYpi5 - and related write up about retiring kernel devs as a bonus: http://fossforce.com/2015/10/good-software-bad-behavior/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlYdIbcACgkQqBZry7fv4vsOEAEAm9v7mwybNM05hKATeTr09Bgi DET56kiMt89R6DXOalABAJetGdpSh9ee5Rz1LiOqBgC+MV/i+HVRDR/TiSKkgC4K =2WiA -----END PGP SIGNATURE-----