On 03/04/12 19:45, badapple wrote:
>
> I have *never* used the yahoo webmail interface to send an email.

Although is it not the same password as other Yahoo services? i.e. do you use the Yahoo credentials anywhere else?

The Japanese link was interesting, but may not lead anywhere, nor is it likely the exploiters would be near where the exploit took place. i.e. Simply because you have an interest in Anime and the first check was in Japan doesn't mean much. Japan has 5 to 10% of the Internet hosts; you probably also have interests in other countries.

> I don't have an address book on yahoo and the email
> gummy_bear1973@xxxxxxxxxxx is completely unknown to me (and currently
> under investigation).

Google had precisely one hit, a big list of games email addresses.

http://www.ultimate-game-mods.com/mailbase.txt

Although tread carefully here, as something in the handling of this site managed to cache an affiliate redirect to "theremovevirustool.com", which has a shady reputation. I'm assuming that it probably sent a redirect when I requested the file, so maybe some sort of occasional web redirect in the site's configuration, as I couldn't reproduce it. Still a little unnerving.

> There is no way my machine-generated strong password has been
> compromised.

The strength of the password is irrelevant for most compromises.

This does seem the most likely route. If it were a Yahoo API compromise we would likely be flooded with email from spammers trying to maximize the exploit before it is closed, since getting hold of lists of Yahoo accounts isn't hard.

> Please stop telling me I've been keylogged because it's not the case!

I think it unlikely, but it pays not to assume things.

Was the Yahoo password stored in a browser password store, as that opens a whole load of routes of attack?

If the password is only used for email using regular email clients, and the connection between clients and Yahoo is suitably encrypted, it would suggest local compromise of some sort.
--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq