DrupalCampNH will take place May 22nd at SNHU Manchester. Drupal is GPL
licensed software, running a classic LAMP stack. Drupal Camp appears to
be a locally-organized event. An admission ticket can be purchased
online for $5. See details and register at http://drupalcampnh.org/
Attendance is
A friend's webmail account (@msn.com) appears to have been hacked. I
received a request to wire $1470 to London (UK) to help her out. She
was mugged and lost her cash and credit cards.
Is there any place to report this sort of email that might actually do
some good?
I'll start with
Lloyd Kvam pyt...@venix.com writes:
A friend's webmail account (@msn.com) appears to have been hacked. I
received a request to wire $1470 to London (UK) to help her out. She
was mugged and lost her cash and credit cards.
Is there any place to report this sort of email that might actually
I had a friend with an IDENTICAL story... Stuck in London, she had been
robbed and desperately needed money to get home.
Turns out her facebook account had been hacked (probably poor password
security).
Anyway, these guys even went as far as start chatting with me on IM (MSN and
FB chat),
Benjamin Scott dragonh...@gmail.com writes:
On Mon, Apr 26, 2010 at 3:02 PM, Joshua Judson Rosen
roz...@geekspace.com wrote:
And *then* we discovered just how much better the OSM maps can be
than the proprietary ones ... which makes perfect sense to me,
since there's actually a way for
On 04/27/2010 12:51 PM, Derek Atkins wrote:
Lloyd Kvam pyt...@venix.com writes:
A friend's webmail account (@msn.com) appears to have been hacked. I
received a request to wire $1470 to London (UK) to help her out. She
was mugged and lost her cash and credit cards.
Is there any place
On Tue, 2010-04-27 at 12:53 -0400, Joel Burtram wrote:
Keep the group updated on any developments, I'm curious to know if you
get anywhere.
I don't think there will be anything much to report. My friend called
in. She and her husband were on the phone with Microsoft trying to get
the account
I don't think there will be anything much to report. My friend called
in. She and her husband were on the phone with Microsoft trying to get
the account shut down. Unless Microsoft gets in touch with me for more
data on the emails there will be nothing more.
Do bear in mind that it's
Wups! Mea culpa -- clearly, that wasn't the case, as the e-mail
originated from someone you knew. In which case, it was probably a weak
password crack. I, myself, got bitten by that using what *I*, at least,
thought was a fairly esoteric password. But my account provider ran the
couple-million
To echo what others have said: I would suggest: Perform damage
control, identify the vulnerability (e.g., weak password, browsing
from a public terminal, etc.), take corrective action, and move on.
Trying to catch the offenders is a hopelessly proposition.
They're usually impossible to trace.
Jerry Feldman g...@blu.org writes:
Even worse is the hijacking of from addresses. I'm not sure how to
prevent that.
There are some partly technical, partly social things like DKIM that you
can deploy on your domains to try to help improve the system as a whole
(not your system, *the*
On Tue, Apr 27, 2010 at 3:21 PM, Ken D'Ambrosio k...@jots.org wrote:
I, myself, got bitten by that using what *I*, at least,
thought was a fairly esoteric password.
If you're still using a passWORD on today's Internet, you're already
in a very high risk category. Using an English word for a
On Tue, Apr 27, 2010 at 2:25 PM, Joshua Judson Rosen
roz...@geekspace.com wrote:
I'm pretty sure that the `$80 for one update' option is just the
`decoy effect' in action: it's there to show people that `$40 per year'
is `cheap' ...
Ah, good point!
The spot you're looking at will never be
On Tue, 2010-04-27 at 15:17 -0400, Ken D'Ambrosio wrote:
I don't think there will be anything much to report. My friend called
in. She and her husband were on the phone with Microsoft trying to get
the account shut down. Unless Microsoft gets in touch with me for more
data on the emails
On Tue, 2010-04-27 at 16:22 -0400, Joshua Judson Rosen wrote:
stop calling it hijacking--you wouldn't use that term
for USPS-based mail fraud, because it would mean something completely
different if you did (someone hijacked my PO box and sent postcards
claiming to be me).
Though in this
On Tue, 2010-04-27 at 16:22 -0400, Benjamin Scott wrote:
If you're still using a passWORD on today's Internet, you're already
in a very high risk category. Using an English word for a password is
supposed to be roughly equivalent to using 12 bit encryption or
something like that.
I
On Tue, Apr 27, 2010 at 5:26 PM, Lloyd Kvam lk...@venix.com wrote:
Do you think it is hopeless trying to educate users to import a
certificate and protect it with a pass phrase?
Yes, see #5:
http://www.ranum.com/security/computer_security/editorials/dumb/
However, that's not to say you can't
On Tue, Apr 27, 2010 at 5:26 PM, Lloyd Kvam lk...@venix.com wrote:
Has anyone here tried to use certificates or public-keys to control
access?
Yes. A few of our customers at $WORK do this. (Of course, they
usually email us the private key without any transport protection, but
hey, you
On Tue, Apr 27, 2010 at 5:51 PM, Alan Johnson a...@datdec.com wrote:
Personally, I like the open id concept. Assuming you have a secure
provider, and a secure password/cert with them ...
So, it fails on both counts, then. HHOS.
Large-scale SSO systems scare me because if the SSO host is
19 matches
Mail list logo