Lol! Also I don't know why people insist on calling me 'collins', my name is Sanga

On Dec 10, 2012 7:19 AM, "Jake Markhus" <[email protected]> wrote:
> I am looking for good Indicators like "my passphrase..."
> and portents like "MORE THAN ONE special character"
> Then wonderfully positive stuff like, "I change my password regularly and
> don't know what the secret question is form anymore".
> For bonus points, "you know I have read Mat Honan on how Apple and Amazon
> security flaws led to his epic hacking".
> Such stuff.
> BTW, you do get mad props for making me think it was Sanga Collins whose
> account was hacked. Good job there.
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Colline Waiswa
> Sent: Monday, 10 December 2012 14:51
> To: [email protected]
> Subject: Re: [LUG] (no subject)
>
> I don't know how the breach took place but I highly doubt it was guessed coz
> I think it had the characteristics of a good password.
> 1: it was quite long (over 10+ characters)
> 2: had alternating capitalization
> 3: had at least 1 special character
> 4: was unrelated to my cat, team, etc.
>
> Colline
>
> ------------------------------
> On Mon, Dec 10, 2012 3:08 AM PST Benjamin Tayehanpour wrote:
>
> >Most *targeted* breaches are, yes. If you know a specific user and you
> >want that user's account, specifically, then password-guessing is
> >common. But this was quite evidently not a targeted breach, otherwise
> >spam would be the least of his/her problems. Most non-targeted breaches
> >(as in: "I have this lovely piece of spam I want to distribute, so I
> >need one thousand hacked accounts") happen through lousy workstation
> >security, with spyware or MITM attacks swiping the credentials.
> >
> >I'm curious. What was your password, Colline? Since you've changed it
> >it shouldn't hurt to reveal it, right?
> >
> >On 10 December 2012 11:58, Victor van Reijswoud <[email protected]> wrote:
> >
> >> Most breaches are because of poor passwords (except this one, of
> >> course :) ).
> >> Interesting overview here:
> >> http://nakedsecurity.sophos.com/2012/07/13/yahoo-voices-poor-passwords/
> >>
> >> On Mon, Dec 10, 2012 at 11:19 AM, Benjamin Tayehanpour <[email protected]> wrote:
> >>
> >> Any idea how the breach happened yet? Password-guessing for
> >> spam-related purposes is quite rare nowadays, with sophisticated
> >> brute force protection and especially if the password is a good
> >> strong one (which I assume, since you're a Linux user and thus have
> >> common sense). Did you have your password written down somewhere
> >> accessible? Did you save it with a password manager on a public
> >> computer? Did you link your account to some other account
> >> (Facebook/Twitter/&c.) which is compromised?
> >>
> >> On 10 December 2012 10:28, Colline Waiswa <[email protected]> wrote:
> >>
> >>> Seeing as my sent mail folder is full of that message sent to
> >>> all my contacts, I am pretty sure the mailbox was gotten into
> >>>
> >>> Colline
> >>>
> >>> ------------------------------
> >>> On Mon, Dec 10, 2012 12:42 AM PST Mike Barnard wrote:
> >>>
> >>> >On 9 December 2012 17:37, Benjamin Tayehanpour <[email protected]> wrote:
> >>> >
> >>> > Without SPF protection, I could send e-mails which look like they
> >>> > originate from your account, and the receiver will have no means
> >>> > of verifying the sender address since SPF isn't implemented.
> >>> > That's one of many reasons why Yahoo! is a bad e-mail service
> >>> > provider. I'm not saying we should ban all users of Yahoo!; I'm
> >>> > saying Yahoo! as a service provider should be boycotted due to the
> >>> > numerous flaws in their service.
> >>> >
> >>> > That said, I'm glad you managed to change the password so you
> >>> > didn't lose the account. Such things can be a real pain otherwise!
> >>> > Do you know how the breach happened?
> >>> >
> >>> >The "breach" will most likely happen again...
> >>> >I doubt that the person actually got into his mailbox. Most spam
> >>> >from yahoo addresses tends to be from botnets that take advantage
> >>> >of the fact that one cannot legitimately check whether it's
> >>> >actually yahoo who sent the email.
> >>> >
> >>> >--
> >>> >Mike
> >>> >
> >>> >Of course, you might discount this possibility, but remember that
> >>> >one in a million chances happen 99% of the time.
> >>> >------------------------------------------------------------
> >>>
> >>> _______________________________________________
> >>> The Uganda Linux User Group: http://linux.or.ug
> >>>
> >>> Send messages to this mailing list by addressing e-mails to: [email protected]
> >>> Mailing list archives: http://www.mail-archive.com/[email protected]/
> >>> Mailing list settings: http://kym.net/mailman/listinfo/lug
> >>> To unsubscribe: http://kym.net/mailman/options/lug
> >>>
> >>> The Uganda LUG mailing list is generously hosted by INFOCOM:
> >>> http://www.infocom.co.ug/
> >>>
> >>> The above comments and data are owned by whoever posted them
> >>> (including attachments if any). The mailing list host is not
> >>> responsible for them in any way.
> I highly doubt
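The SPF point made in the quoted thread (a receiver cannot verify the sending host when the domain publishes no SPF policy), shown as an added example that is not part of the original messages. It evaluates a subset of SPF (`ip4`, `ip6` and `all` only); the domains, TXT records and addresses are constructed, and a real receiver would fetch the record from DNS and also handle `include`, `a`, `mx` and `redirect`.

```python
import ipaddress

# Constructed sample data: sender domain -> published TXT record (None = no SPF).
# A real receiver would look these up in DNS; names and addresses are examples.
SAMPLE_TXT = {
    "with-spf.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "soft.example": "v=spf1 ip4:198.51.100.7 ~all",
    "no-spf.example": None,
}

# SPF qualifiers and the result each one yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip, txt_records=SAMPLE_TXT):
    """Evaluate a subset of SPF (ip4, ip6, all) for a connecting client IP."""
    record = txt_records.get(domain)
    if not record or not record.lower().startswith("v=spf1"):
        # No policy published: forged and genuine mail look the same here.
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # Simplification: anything outside this example's subset is an error.
            return "permerror"
    return "neutral"  # no mechanism matched and the record has no "all" term
```

A `none` result is the case described in the thread: the receiving server has nothing to compare the connecting host against, so the sender address cannot be checked this way.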
