GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Today I received an email from my friend advertising some viagra-selling website. I'm not a teenager any more, but I don't think I'll be needing this stuff any time soon
The email was sent from his yahoo account to a number of his friends including myself. I phoned him and told him to change his password asap. It seems that his account has been hacked into. Is there anything else that he could do. Does it make any sense to report it to yahoo?
He doesn't use email clients on his box so I believe it's his email account, not windows computer that has been compromised. What do you think?
There is not much else that you can do to prevent their acount from being hacked into. However besides changing the password ( which should be 10+ charactars in leangth including upper and lower case letters, numbers etc.) You might want to have them check and see that the pasword recovery settings ( security question, alternate email, etc.) are not easy to guess and arn't remotely connected with the password. It is also a posibility that the necesary informantion was Social Engineered from them, a type of attack that hackers are using more and more. If you havent already, you might want to inform your friend about phishing, callers claiming to be from yahoo needing your password, etc.
Hope this is helpful to someone.
deadalus.globalnode
NOTE: for educational information on Social Engineering and how to deffend from it I suggest www.social-engineer.org.
He knows the guidelines for creating secure passwords. I really doubt it involved any social engineering element. He's not that kind of a person who would give out anything to anybody. Either his old password was easy to crack or as you pointed out the additional security information was weak.
The same thing happened with me and some hundreds of gmail users around. I dont know how that happened. The security password was strong, with no weak ways to recover password. I was lucky enough to find it out within less than 5 minutes of the crack and changed all the settings and passwords and not more than 10 emails were sent. I searched google for the same and found out that there were some of other unlucky guys who werent able to find the things out as quickly and the emails were used send more than thousand mails and the email addresses were locked for 24 hours for spamming and excessive emailing.
There is no point in reporting it to Yahoo because they simply don't care. I had a website hosted on Yahoo that got cracked because they were too lazy to secure PHP properly. When I called an pointed this out, they knew all about how poorly secured they were, but they didn't care. Their attitude was that doing the right thing would break a lot of existing websites, so they would rather be lazy and do nothing.
There is no point in reporting it to Yahoo because they simply don't care. I had a website hosted on Yahoo that got cracked because they were too lazy to secure PHP properly. When I called an pointed this out, they knew all about how poorly secured they were, but they didn't care. Their attitude was that doing the right thing would break a lot of existing websites, so they would rather be lazy and do nothing.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.