doesnt yahoomail support 2 step authetication... the real truth is passwords are no longer safe enough no matter how strong they are.... the only way for now is two step authetication as simple as that On Dec 10, 2012 2:51 PM, "Colline Waiswa" <[email protected]> wrote:
> > > I dont know how the breach took place but i highly doubt it was guessed > coz i think it had the characteristics of a good password. > 1: it was quite long ( over 10+ characters) > 2: had alternating capitation > 3: had atleast 1 special character > 4: was unrelated to my cat, team,etc > > Colline > > > ------------------------------ > On Mon, Dec 10, 2012 3:08 AM PST Benjamin Tayehanpour wrote: > > >Most *targeted* breaches are, yes. If you know a specific user and you > want > >that user's account, specifically, then password-guessing is common. But > >this was quite evidently not a targeted breach, otherwise spam would be > the > >least of his/her problems. Most non-targeted breaches (as in: "I have this > >lovely piece of spam I want to distribute, so I need one thousand hacked > >accounts") happen through lousy workstation security, with spyware or MITM > >attacks swiping the credentials. > > > >I'm curious. What was your password, Colline? Since you've changed it it > >shouldn't hurt to reveal it, right? > > > >On 10 December 2012 11:58, Victor van Reijswoud < > >[email protected]> wrote: > > > >> Most breaches are because of poor passwords (except this one, of course > :) > >> ). Interesting overview here: > >> http://nakedsecurity.sophos.com/2012/07/13/yahoo-voices-poor-passwords/ > >> > >> > >> On Mon, Dec 10, 2012 at 11:19 AM, Benjamin Tayehanpour < > >> [email protected]> wrote: > >> > >> Any idea how the breach happened yet? Password-guessing for spam-related > >> purposes is quite rare nowadays, with sophisticated brute force > protection > >> and especially if the password is a good strong one (which I assume, > since > >> you're a Linux user and thus have common sense). Did you have your > password > >> written down somewhere accessible? Did you save it with a password > manager > >> on a public computer? Did you link your account to some other account > >> (Facebook/Twitter/&c.) which is compromised? > >> > >> On 10 December 2012 10:28, Colline Waiswa <[email protected]> wrote: > >> > >>> > >>> > >>> > >>> Seeing as my sent mail folder is full of the that message sent to all > my > >>> contacts, i am pretty sure the mailbox was gotten into > >>> > >>> Colline > >>> > >>> ------------------------------ > >>> On Mon, Dec 10, 2012 12:42 AM PST Mike Barnard wrote: > >>> > >>> >On 9 December 2012 17:37, Benjamin Tayehanpour > >>> ><[email protected]>wrote: > >>> > > >>> > Without SPF protection, I could send e-mails which look like they > >>> > originate from your account, and the receiver will have no means of > >>> > verifying the sender address since SPF isn't implemented. That's one > >>> of > >>> > many reasons why Yahoo! is a bad e-mail service provider. I'm not > >>> saying we > >>> > should ban all users of Yahoo!; I'm saying Yahoo! as a service > >>> provider > >>> > should be boycotted due to the numerous flaws in their service. > >>> > > >>> > That said, I'm glad you managed to change the password so you didn't > >>> lose > >>> > the account. Such things can be a real pain otherwise! Do you know > >>> how the > >>> > breach happened? > >>> > > >>> > > >>> >The "breach" will most likely happen again... I doubt that the person > >>> >actually got into his mailbox. Most spam from yahoo addresses tends to > >>> be > >>> >from botnets that take advantage of the fact that one cannot > >>> legitimately > >>> >check whether its actually yahoo who sent the email. > >>> > > >>> > > >>> >-- > >>> >Mike > >>> > > >>> >Of course, you might discount this possibility, but remember that one > >>> in a > >>> >million chances happen 99% of the time. > >>> >------------------------------------------------------------ > >>> > >>> _______________________________________________ > >>> The Uganda Linux User Group: http://linux.or.ug > >>> > >>> Send messages to this mailing list by addressing e-mails to: > >>> [email protected] > >>> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >>> Mailing list settings: http://kym.net/mailman/listinfo/lug > >>> To unsubscribe: http://kym.net/mailman/options/lug > >>> > >>> The Uganda LUG mailing list is generously hosted by INFOCOM: > >>> http://www.infocom.co.ug/ > >>> > >>> The above comments and data are owned by whoever posted them (including > >>> attachments if any). The mailing list host is not responsible for them > in > >>> any way. > >>> > >> > >> > >> _______________________________________________ > >> The Uganda Linux User Group: http://linux.or.ug > >> > >> Send messages to this mailing list by addressing e-mails to: > >> [email protected] > >> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> To unsubscribe: http://kym.net/mailman/options/lug > >> > >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> http://www.infocom.co.ug/ > >> > >> The above comments and data are owned by whoever posted them (including > >> attachments if any). The mailing list host is not responsible for them > in > >> any way. > >> > >> > >> > >> _______________________________________________ > >> The Uganda Linux User Group: http://linux.or.ug > >> > >> Send messages to this mailing list by addressing e-mails to: > >> [email protected] > >> Mailing list archives: http://www.mail-archive.com/[email protected]/ > >> Mailing list settings: http://kym.net/mailman/listinfo/lug > >> To unsubscribe: http://kym.net/mailman/options/lug > >> > >> The Uganda LUG mailing list is generously hosted by INFOCOM: > >> http://www.infocom.co.ug/ > >> > >> The above comments and data are owned by whoever posted them (including > >> attachments if any). The mailing list host is not responsible for them > in > >> any way. > >> > I highly doubt > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. >
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
