Results 1 to 8 of 8

Thread: web based email breached?

Threaded View

  1. #1
    Join Date
    Apr 2009
    Beans
    190
    Distro
    Ubuntu 12.04 Precise Pangolin

    web based email breached?

    Hi,

    I'm running Ubuntu 10.10 using Firefox 9.0.1. My Yahoo email was compromised the other day. Yahoo service says an IP address in Mexico corresponded with the attack. They got my contacts and spammed them - not just my address book, but everyone I ever contacted , which puzzles me as I use Yahoo classic mail, and the contacts are hidden I'm not sure how I can access them.

    Anyway, I was wondering if this was a vulnerability on my computer or was Yahoo compromised or perhaps my DNS server? I changed the password on my Yahoo account (which I've had for probably near 15 years).
    I don't see any damage to my system or files, perhaps they were just using me to spam. My computer hasn't been slowing down, however it refused to 'sleep' or hibernate until I rebooted, now it works as before.

    Is this anything I need to change besides the action I've already done (changing my password)? I run Clam TK and have configured the firewall well before this breach. Sorry I don't know more about security and counter measures.

    Below is the header of one of the emails:

    Code:
    X-Apparently-To: 		me@yahoo.com via 98.138.85.242; Thu, 04 Oct 2012 11:53:47 -0700
    Return-Path: 		<me@yahoo.com>
    Received-SPF: 		none (domain of yahoo.com does not designate permitted sender hosts) aW5zL2FkZC1mcm9tLXNlcnZlci9pbmZvLnBocD9hdHRhY2hlZDI2MS5qcGcg ATABAQEBA3RleHQvcGxhaW4DAzACA3RleHQvaHRtbAMDMQ--
    X-YMailISG: 		upabsv8WLDuP_W0fOHF2.B9WkwobM8JRzutq6rgLnwBEx.NN 3sNQnt5h1noZYVuC25mAsGc.aYo8jVoMve3nQ8fnRnaUGusMenXLMZYVVKYO oMxDkgp_sMAkssQW4MGmfGMna58uhLvs7Av3cYxo8vXx1UlWDR6HwmxxzzR8 _CLTuqvkaLdvOZ5hjIAKlGffsa6fjdyEsfP1wSCpLPMgXCP7nbnYeCtncBFC DnE.G69z68xIhjrqV2WkBzH23PXLrkdt0YPVP6RldWA0paBhESfhuiCxFklc .4HHLfDv4Xk9eq.Ol9HXbq_2A..frkktWuzdu1mesVvaPegcSfr3cBD1qOmf avq.SLb2b88_wJWrc2Qt8nJLnDCyxPlc6w5Sr1wWX98KQizdK3WdJcfaKpnR .9iL7lJIWiuNQ8FcM9H7dPuKZ_QCBua5V55I9BQf.9j_aT4rY.pRVwyHVysz oEy4imvWk8hDFX57nc3thxFDMl3cl5_AgJl37xxmj4SBnY9yXh4ffi0RDRsn MiQY1IQVf6F.nkE6pApPZQDX7HvcV5qYXn513m91ahy8U_Y8bVizLI3v952J q5VKxvUYXyg_lcvGmPgmlZBa6TdEYFNHKyFIrLpasP4lDOtOJVNeYN5W7_78 6M1ujSDiUgUalSYgtLm5L6OVAlCe17jPkxYL2MeJEaa.AoOOD_F.GYZDDT7l TG3B5U4jssUFBcum0QLyINe3Xkub35zhltIg38IydkVQfZhHpLMAc4XRiDC7 pGrddW9Oj2pIkY.sJRdh_FEe5mw8kL47xyJhL.jT222uwFr8Km3mOjhQYIUX bW7gruNXP2kBQp31M.Cyhcq3e0.NXuVdOjyeYk6JZKZ8mELHXFJmNhpHsuQI 2bvcwQdJFD7Z5zmwUFGz9o8pi_bADUZ27kwWRMEat4U5B68lqF11HXZmvg3G iW.kvlb8YHU1vJgEAwSKdxdzTSbpUt8FJ9C9a65LZ.pYA93tE89EOd8RVO9X n8Nms1CRElm__6kyFuAFv7OuLNQOrp7H9o4bknGViwzuCdtuaHIXnIMe9A7x 1EsoAYnxFiG6bV4L1PNzTX0Kbmmc4dxZsu1Xh41F6l4-
    X-Originating-IP: 		[98.138.90.78]
    Authentication-Results: 		mta1354.mail.bf1.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
    Received: 		from 127.0.0.1 (HELO nm15.bullet.mail.ne1.yahoo.com) (98.138.90.78) by mta1354.mail.bf1.yahoo.com with SMTP; Thu, 04 Oct 2012 11:53:46 -0700
    Received: 		from [98.138.90.54] by nm15.bullet.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 18:53:45 -0000
    Received: 		from [98.138.89.174] by tm7.bullet.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 18:53:45 -0000
    Received: 		from [127.0.0.1] by omp1030.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 18:53:45 -0000
    X-Yahoo-Newman-Property: 		ymail-3
    X-Yahoo-Newman-Id: 		636703.67324.bm@omp1030.mail.ne1.yahoo.com
    Received: 		(qmail 2855 invoked by uid 60001); 4 Oct 2012 18:53:45 -0000
    DKIM-Signature: 		v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1349376825; bh=Xy8SnXya7pjJ4CV80+IYC08v3p4NouVtmXVzi8yIaYY=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=mUlwKlsCt/ejkbobulrN25Rs7k1u4b8PU8AV7lUxtMZM28AzxQu6l0dzUY1uvlOLRiXV16dsInGlCRkd6bborAvJHEWVCDhhj8xi0hPz/zdhTJwGqr8iLIeDWHMUX/5kqZXMWvRm6oPh7HWVE7GQIgBrqq3egW+WxoNTBiCeOPQ=
    DomainKey-Signature: 		a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=xqjMmb+itrTAIKERjUwIPEqPd5lpzBu9NdxHT3LXbAHM28qUx6VwBXdxtqMrDkU/T4N0JcL8F/V076JzdVVp2JZLH8FlihXQK86jsYzc6BEpgCZR9wl+dkFCxxrRFzo99iwUql1fjgjqurPMDtntmL/npq82/6R/abXZ+qeIk6I=;
    X-YMail-OSG: 		ZD0HixsVM1mF8Q59fsOHEkt7EAOfsMK11Ijt2zH4UcwD0fZ LaSb2hfNGO7wC0hbZNVA0wJ5Cy6V_PpAc0IDNaHVp8_jx.1dTJw7QjdNLUsk EF_D8k4IDNktWLFu5YfUqSwEKnHfUUjNLg2EuSY0CXvh6MtkVJYbQi1EquiL fuPS1RRAOF8xBHISKafPOdAaaya.KAPrCIB4xK_QWO6b8JLhu.NA08HTsyD3 fZJldyWFrQv56QeYtzpuUpIvvU4ix0_dezt6swjR3K5x8WgSOSWcEqlqaAfI u.N8MMtyUzJm.iuMREhQH6Midgm1LvMRRI9uYacPRlroCyAB7L4vaFS5Yrvf Uv7.CfI5E3ARM.KTsZC.1WKf2Eq3NIsuizMbMN1zb6ZqL72ai5AIWEj_1JVt 56OJPXatnVKeNp1qZcWtAFryALhaUNcQpjOEXmmtHsZiMkBaGuxMaCn.znza 4UL_u5GMHC1foFJ201BV2bSJO2qbzcIk7m2K17PCDILysjzpdSVICtD5_1Z. UIU.ITXUfPeIlbZmTlGCC29Qsm1_f_5AgNh1usb1y5hq7X5BAPh.KAaSk6Tl FUwTY6Awa2UYDtiUwrqaTr3SxhPh8jSEl9ZnMQiqFf.J26ld.Bhvu3Ebxr90 -
    Received: 		from [189.175.200.16] by web120505.mail.ne1.yahoo.com via HTTP; Thu, 04 Oct 2012 11:53:45 PDT
    X-Mailer: 		YahooMailWebService/0.8.122.442
    Message-ID: 		<1349376825.86122.YahooMailNeo@web120505.mail.ne1.yahoo.com>
    Date: 		Thu, 4 Oct 2012 11:53:45 -0700 (PDT)
    From: 		This sender is DomainKeys verified
    "me@yahoo.com" <me@yahoo.com>  
    View contact details
    Reply-To: 		"me@yahoo.com" <alvinmoneypit@yahoo.com>
    To: 		nels.lippert@wilmerhale.com, me@yahoo.com, 
    MIME-Version: 		1.0
    Content-Type: 		multipart/alternative; boundary="1874583742-1497240135-1349376825=:86122"
    Content-Length: 		639
    Last edited by lisati; October 7th, 2012 at 05:01 AM. Reason: Added code tags for readability
    Ubuntu 12.04.2_amd_64_LTS on Desktop run by Intel core I5 3570K on Asus P8Z77-V Pro MB

    Ubuntu 12.04 LTS on Lenovo N500 laptop

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •