LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 11-26-2010, 05:25 PM   #1
sycamorex
LQ Veteran
 
Registered: Nov 2005
Location: London
Distribution: Slackware64-current
Posts: 5,595
Blog Entries: 1

Rep: Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046
viagra?! No, thank you. I don't do drugs.


Today I received an email from my friend advertising some viagra-selling website. I'm not a teenager any more, but I don't think I'll be needing this stuff any time soon

The email was sent from his yahoo account to a number of his friends including myself. I phoned him and told him to change his password asap. It seems that his account has been hacked into. Is there anything else that he could do. Does it make any sense to report it to yahoo?

He doesn't use email clients on his box so I believe it's his email account, not windows computer that has been compromised. What do you think?
 
Old 11-26-2010, 06:32 PM   #2
deadalus.globalnode
Member
 
Registered: Feb 2010
Distribution: Arch linux and backtrack 4 r2
Posts: 53

Rep: Reputation: 3
There is not much else to do.

There is not much else that you can do to prevent their acount from being hacked into. However besides changing the password ( which should be 10+ charactars in leangth including upper and lower case letters, numbers etc.) You might want to have them check and see that the pasword recovery settings ( security question, alternate email, etc.) are not easy to guess and arn't remotely connected with the password. It is also a posibility that the necesary informantion was Social Engineered from them, a type of attack that hackers are using more and more. If you havent already, you might want to inform your friend about phishing, callers claiming to be from yahoo needing your password, etc.

Hope this is helpful to someone.

deadalus.globalnode

NOTE: for educational information on Social Engineering and how to deffend from it I suggest www.social-engineer.org.
 
Old 11-26-2010, 06:39 PM   #3
sycamorex
LQ Veteran
 
Registered: Nov 2005
Location: London
Distribution: Slackware64-current
Posts: 5,595
Blog Entries: 1

Original Poster
Rep: Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046
He knows the guidelines for creating secure passwords. I really doubt it involved any social engineering element. He's not that kind of a person who would give out anything to anybody. Either his old password was easy to crack or as you pointed out the additional security information was weak.

thanks a lot
 
Old 11-27-2010, 02:16 AM   #4
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,628

Rep: Reputation: Disabled
The same thing happened with me and some hundreds of gmail users around. I dont know how that happened. The security password was strong, with no weak ways to recover password. I was lucky enough to find it out within less than 5 minutes of the crack and changed all the settings and passwords and not more than 10 emails were sent. I searched google for the same and found out that there were some of other unlucky guys who werent able to find the things out as quickly and the emails were used send more than thousand mails and the email addresses were locked for 24 hours for spamming and excessive emailing.
 
Old 11-27-2010, 09:43 AM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
There is no point in reporting it to Yahoo because they simply don't care. I had a website hosted on Yahoo that got cracked because they were too lazy to secure PHP properly. When I called an pointed this out, they knew all about how poorly secured they were, but they didn't care. Their attitude was that doing the right thing would break a lot of existing websites, so they would rather be lazy and do nothing.
 
Old 11-27-2010, 10:41 AM   #6
sycamorex
LQ Veteran
 
Registered: Nov 2005
Location: London
Distribution: Slackware64-current
Posts: 5,595
Blog Entries: 1

Original Poster
Rep: Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046Reputation: 1046
Quote:
Originally Posted by Hangdog42 View Post
There is no point in reporting it to Yahoo because they simply don't care. I had a website hosted on Yahoo that got cracked because they were too lazy to secure PHP properly. When I called an pointed this out, they knew all about how poorly secured they were, but they didn't care. Their attitude was that doing the right thing would break a lot of existing websites, so they would rather be lazy and do nothing.
That's the spirit! LOL
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Just Say No: How Drugs Affect Computer Gaming AI LXer Syndicated Linux News 0 05-02-2009 04:20 PM
Drugs, drugs, drugs. ed-j General 95 06-20-2007 04:59 PM
Spaced Out: All Day in Hospital (on drugs) salmanal MEPIS 3 07-27-2005 02:23 AM
prescription drugs and sleep watashiwaotaku7 General 13 04-16-2004 12:12 AM
I feel the need for speed(not drugs) DAChristen29 Linux - Newbie 5 12-31-2002 12:04 AM


All times are GMT -5. The time now is 07:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration