I don't know how the breach took place but I highly doubt it was guessed coz I think it had the characteristics of a good password.
1: it was quite long (over 10+ characters)
2: had alternating capitalization
3: had at least 1 special character
4: was unrelated to my cat, team, etc.

Colline

------------------------------
On Mon, Dec 10, 2012 3:08 AM PST Benjamin Tayehanpour wrote:

>Most *targeted* breaches are, yes. If you know a specific user and you want
>that user's account, specifically, then password-guessing is common. But
>this was quite evidently not a targeted breach, otherwise spam would be the
>least of his/her problems. Most non-targeted breaches (as in: "I have this
>lovely piece of spam I want to distribute, so I need one thousand hacked
>accounts") happen through lousy workstation security, with spyware or MITM
>attacks swiping the credentials.
>
>I'm curious. What was your password, Colline? Since you've changed it it
>shouldn't hurt to reveal it, right?
>
>On 10 December 2012 11:58, Victor van Reijswoud <
>[email protected]> wrote:
>
>> Most breaches are because of poor passwords (except this one, of course :)
>> ). Interesting overview here:
>> http://nakedsecurity.sophos.com/2012/07/13/yahoo-voices-poor-passwords/
>>
>>
>> On Mon, Dec 10, 2012 at 11:19 AM, Benjamin Tayehanpour <
>> [email protected]> wrote:
>>
>> Any idea how the breach happened yet? Password-guessing for spam-related
>> purposes is quite rare nowadays, with sophisticated brute force protection
>> and especially if the password is a good strong one (which I assume, since
>> you're a Linux user and thus have common sense). Did you have your password
>> written down somewhere accessible? Did you save it with a password manager
>> on a public computer? Did you link your account to some other account
>> (Facebook/Twitter/&c.) which is compromised?
>>
>> On 10 December 2012 10:28, Colline Waiswa <[email protected]> wrote:
>>
>>> Seeing as my sent mail folder is full of that message sent to all my
>>> contacts, I am pretty sure the mailbox was gotten into
>>>
>>> Colline
>>>
>>> ------------------------------
>>> On Mon, Dec 10, 2012 12:42 AM PST Mike Barnard wrote:
>>>
>>> >On 9 December 2012 17:37, Benjamin Tayehanpour
>>> ><[email protected]> wrote:
>>> >
>>> > Without SPF protection, I could send e-mails which look like they
>>> > originate from your account, and the receiver will have no means of
>>> > verifying the sender address since SPF isn't implemented. That's one of
>>> > many reasons why Yahoo! is a bad e-mail service provider. I'm not saying we
>>> > should ban all users of Yahoo!; I'm saying Yahoo! as a service provider
>>> > should be boycotted due to the numerous flaws in their service.
>>> >
>>> > That said, I'm glad you managed to change the password so you didn't lose
>>> > the account. Such things can be a real pain otherwise! Do you know how the
>>> > breach happened?
>>> >
>>> >
>>> >The "breach" will most likely happen again... I doubt that the person
>>> >actually got into his mailbox. Most spam from Yahoo addresses tends to be
>>> >from botnets that take advantage of the fact that one cannot legitimately
>>> >check whether it's actually Yahoo who sent the email.
>>> >
>>> >
>>> >--
>>> >Mike
>>> >
>>> >Of course, you might discount this possibility, but remember that one in a
>>> >million chances happen 99% of the time.
>>> >------------------------------------------------------------
>>>
>>> _______________________________________________
>>> The Uganda Linux User Group: http://linux.or.ug
>>>
>>> Send messages to this mailing list by addressing e-mails to:
>>> [email protected]
>>> Mailing list archives: http://www.mail-archive.com/[email protected]/
>>> Mailing list settings: http://kym.net/mailman/listinfo/lug
>>> To unsubscribe: http://kym.net/mailman/options/lug
>>>
>>> The Uganda LUG mailing list is generously hosted by INFOCOM:
>>> http://www.infocom.co.ug/
>>>
>>> The above comments and data are owned by whoever posted them (including
>>> attachments if any). The mailing list host is not responsible for them in
>>> any way.
>>>
>>
>> I highly doubt
