I've got a couple of questions. First, I have an account with AT&T and can access it thru Yahoo.com, I can also access it thru Windows Live. My question is, is this email account now in jeopardy? Is it necessary to change the password? Murray
________________________________ From: James Kerr [mailto:cluster...@gmail.com] Sent: Tuesday, October 06, 2009 10:29 AM To: NT System Admin Issues Subject: Re: SANS Diary: Time to change your hotmail/gmail/yahoo password Yeah exactly, only goons who respond to phishing schemes were affected. ----- Original Message ----- From: Carl Houseman <mailto:c.house...@gmail.com> To: NT System Admin Issues <mailto:ntsysadmin@lyris.sunbelt-software.com> Sent: Tuesday, October 06, 2009 11:22 AM Subject: RE: SANS Diary: Time to change your hotmail/gmail/yahoo password It would seem this only affects accounts of those who've fallen victim to a phishing scheme. If you haven't entered your Live/Gmail/Hotmail password on a bogus website, there's no immediate need to change passwords. From: Kim Longenbaugh [mailto:k...@colonialsavings.com] Sent: Tuesday, October 06, 2009 11:00 AM To: NT System Admin Issues Subject: RE: SANS Diary: Time to change your hotmail/gmail/yahoo password Yes, I missed it too. Thanks for the post. Gotta run, I'm busy changing passwords.... ________________________________ From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, October 06, 2009 9:53 AM To: NT System Admin Issues Subject: SANS Diary: Time to change your hotmail/gmail/yahoo password I missed this yesterday, did you? http://isc.sans.org/diary.html?storyid=7276: Microsoft has confirmed that thousands of Windows Live accounts have been compromised with their passwords posted online. Mainstream media such as the BBC are also carrying the story. Some information is posted here <http://windowslivewire.spaces.live.com/blog/cns!2F7EB29B42641D59!41528. entry?wa=wsignin1.0&sa=363915619> . UPDATE: Gmail and Yahoo are also affected by the compromise. Change all passwords on any of these popular webmail sites. Some does and don'ts: * Do change your passwords on a regular basis (every six months or so) * Do use long complex pass-phrases rather than passwords where you can * Do change all of your passwords if you notice something suspicious * Do take identity theft seriously * Do use up-to-date anti-virus and a firewall * Do NOT click on links in emails, ever * Do NOT use the same password at multiple sites -- ME2 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~