LinuxQuestions.org


sycamorex 11-26-2010 04:25 PM

viagra?! No, thank you. I don't do drugs.
 
Today I received an email from my friend advertising some viagra-selling website. I'm not a teenager any more, but I don't think I'll be needing this stuff any time soon:)

The email was sent from his Yahoo account to a number of his friends, including myself. I phoned him and told him to change his password ASAP. It seems that his account has been hacked into. Is there anything else that he could do? Does it make any sense to report it to Yahoo?

He doesn't use email clients on his box, so I believe it's his email account, not his Windows computer, that has been compromised. What do you think?

deadalus.globalnode 11-26-2010 05:32 PM

There is not much else to do.
 
There is not much else that you can do to prevent their account from being hacked into. However, besides changing the password (which should be 10+ characters in length, including upper and lower case letters, numbers, etc.), you might want to have them check and see that the password recovery settings (security question, alternate email, etc.) are not easy to guess and aren't remotely connected with the password. It is also a possibility that the necessary information was Social Engineered from them, a type of attack that hackers are using more and more. If you haven't already, you might want to inform your friend about phishing, callers claiming to be from Yahoo needing your password, etc.

Hope this is helpful to someone.

deadalus.globalnode

NOTE: for educational information on Social Engineering and how to defend from it I suggest www.social-engineer.org.

sycamorex 11-26-2010 05:39 PM

He knows the guidelines for creating secure passwords. I really doubt it involved any social engineering element. He's not that kind of a person who would give out anything to anybody. Either his old password was easy to crack or as you pointed out the additional security information was weak.

thanks a lot

linuxlover.chaitanya 11-27-2010 01:16 AM

The same thing happened with me and some hundreds of Gmail users around. I don't know how that happened. The security password was strong, with no weak ways to recover the password. I was lucky enough to find it out within less than 5 minutes of the crack and changed all the settings and passwords, and not more than 10 emails were sent. I searched Google for the same and found out that there were some other unlucky guys who weren't able to find things out as quickly, and the emails were used to send more than a thousand mails and the email addresses were locked for 24 hours for spamming and excessive emailing.

Hangdog42 11-27-2010 08:43 AM

There is no point in reporting it to Yahoo because they simply don't care. I had a website hosted on Yahoo that got cracked because they were too lazy to secure PHP properly. When I called and pointed this out, they knew all about how poorly secured they were, but they didn't care. Their attitude was that doing the right thing would break a lot of existing websites, so they would rather be lazy and do nothing.

sycamorex 11-27-2010 09:41 AM

Quote:

Originally Posted by Hangdog42 (Post 4172691)
There is no point in reporting it to Yahoo because they simply don't care. I had a website hosted on Yahoo that got cracked because they were too lazy to secure PHP properly. When I called and pointed this out, they knew all about how poorly secured they were, but they didn't care. Their attitude was that doing the right thing would break a lot of existing websites, so they would rather be lazy and do nothing.

That's the spirit! LOL

