Thread: web based email breached?

  1. #1
    Join Date
    Apr 2009
    Beans
    190
    Distro
    Ubuntu 12.04 Precise Pangolin

    web based email breached?

    Hi,

    I'm running Ubuntu 10.10 using Firefox 9.0.1. My Yahoo email was compromised the other day. Yahoo service says an IP address in Mexico corresponded with the attack. They got my contacts and spammed them - not just my address book, but everyone I ever contacted, which puzzles me as I use Yahoo classic mail, and the contacts are hidden; I'm not sure how I can access them.

    Anyway, I was wondering if this was a vulnerability on my computer or was Yahoo compromised or perhaps my DNS server? I changed the password on my Yahoo account (which I've had for probably near 15 years).
    I don't see any damage to my system or files, perhaps they were just using me to spam. My computer hasn't been slowing down, however it refused to 'sleep' or hibernate until I rebooted, now it works as before.

    Is this anything I need to change besides the action I've already done (changing my password)? I run Clam TK and have configured the firewall well before this breach. Sorry I don't know more about security and countermeasures.

    Below is the header of one of the emails:

    Code:
    X-Apparently-To: 		me@yahoo.com via 98.138.85.242; Thu, 04 Oct 2012 11:53:47 -0700
    Return-Path: 		<me@yahoo.com>
    Received-SPF: 		none (domain of yahoo.com does not designate permitted sender hosts) aW5zL2FkZC1mcm9tLXNlcnZlci9pbmZvLnBocD9hdHRhY2hlZDI2MS5qcGcg ATABAQEBA3RleHQvcGxhaW4DAzACA3RleHQvaHRtbAMDMQ--
    X-YMailISG: 		upabsv8WLDuP_W0fOHF2.B9WkwobM8JRzutq6rgLnwBEx.NN 3sNQnt5h1noZYVuC25mAsGc.aYo8jVoMve3nQ8fnRnaUGusMenXLMZYVVKYO oMxDkgp_sMAkssQW4MGmfGMna58uhLvs7Av3cYxo8vXx1UlWDR6HwmxxzzR8 _CLTuqvkaLdvOZ5hjIAKlGffsa6fjdyEsfP1wSCpLPMgXCP7nbnYeCtncBFC DnE.G69z68xIhjrqV2WkBzH23PXLrkdt0YPVP6RldWA0paBhESfhuiCxFklc .4HHLfDv4Xk9eq.Ol9HXbq_2A..frkktWuzdu1mesVvaPegcSfr3cBD1qOmf avq.SLb2b88_wJWrc2Qt8nJLnDCyxPlc6w5Sr1wWX98KQizdK3WdJcfaKpnR .9iL7lJIWiuNQ8FcM9H7dPuKZ_QCBua5V55I9BQf.9j_aT4rY.pRVwyHVysz oEy4imvWk8hDFX57nc3thxFDMl3cl5_AgJl37xxmj4SBnY9yXh4ffi0RDRsn MiQY1IQVf6F.nkE6pApPZQDX7HvcV5qYXn513m91ahy8U_Y8bVizLI3v952J q5VKxvUYXyg_lcvGmPgmlZBa6TdEYFNHKyFIrLpasP4lDOtOJVNeYN5W7_78 6M1ujSDiUgUalSYgtLm5L6OVAlCe17jPkxYL2MeJEaa.AoOOD_F.GYZDDT7l TG3B5U4jssUFBcum0QLyINe3Xkub35zhltIg38IydkVQfZhHpLMAc4XRiDC7 pGrddW9Oj2pIkY.sJRdh_FEe5mw8kL47xyJhL.jT222uwFr8Km3mOjhQYIUX bW7gruNXP2kBQp31M.Cyhcq3e0.NXuVdOjyeYk6JZKZ8mELHXFJmNhpHsuQI 2bvcwQdJFD7Z5zmwUFGz9o8pi_bADUZ27kwWRMEat4U5B68lqF11HXZmvg3G iW.kvlb8YHU1vJgEAwSKdxdzTSbpUt8FJ9C9a65LZ.pYA93tE89EOd8RVO9X n8Nms1CRElm__6kyFuAFv7OuLNQOrp7H9o4bknGViwzuCdtuaHIXnIMe9A7x 1EsoAYnxFiG6bV4L1PNzTX0Kbmmc4dxZsu1Xh41F6l4-
    X-Originating-IP: 		[98.138.90.78]
    Authentication-Results: 		mta1354.mail.bf1.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
    Received: 		from 127.0.0.1 (HELO nm15.bullet.mail.ne1.yahoo.com) (98.138.90.78) by mta1354.mail.bf1.yahoo.com with SMTP; Thu, 04 Oct 2012 11:53:46 -0700
    Received: 		from [98.138.90.54] by nm15.bullet.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 18:53:45 -0000
    Received: 		from [98.138.89.174] by tm7.bullet.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 18:53:45 -0000
    Received: 		from [127.0.0.1] by omp1030.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 18:53:45 -0000
    X-Yahoo-Newman-Property: 		ymail-3
    X-Yahoo-Newman-Id: 		636703.67324.bm@omp1030.mail.ne1.yahoo.com
    Received: 		(qmail 2855 invoked by uid 60001); 4 Oct 2012 18:53:45 -0000
    DKIM-Signature: 		v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1349376825; bh=Xy8SnXya7pjJ4CV80+IYC08v3p4NouVtmXVzi8yIaYY=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=mUlwKlsCt/ejkbobulrN25Rs7k1u4b8PU8AV7lUxtMZM28AzxQu6l0dzUY1uvlOLRiXV16dsInGlCRkd6bborAvJHEWVCDhhj8xi0hPz/zdhTJwGqr8iLIeDWHMUX/5kqZXMWvRm6oPh7HWVE7GQIgBrqq3egW+WxoNTBiCeOPQ=
    DomainKey-Signature: 		a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=xqjMmb+itrTAIKERjUwIPEqPd5lpzBu9NdxHT3LXbAHM28qUx6VwBXdxtqMrDkU/T4N0JcL8F/V076JzdVVp2JZLH8FlihXQK86jsYzc6BEpgCZR9wl+dkFCxxrRFzo99iwUql1fjgjqurPMDtntmL/npq82/6R/abXZ+qeIk6I=;
    X-YMail-OSG: 		ZD0HixsVM1mF8Q59fsOHEkt7EAOfsMK11Ijt2zH4UcwD0fZ LaSb2hfNGO7wC0hbZNVA0wJ5Cy6V_PpAc0IDNaHVp8_jx.1dTJw7QjdNLUsk EF_D8k4IDNktWLFu5YfUqSwEKnHfUUjNLg2EuSY0CXvh6MtkVJYbQi1EquiL fuPS1RRAOF8xBHISKafPOdAaaya.KAPrCIB4xK_QWO6b8JLhu.NA08HTsyD3 fZJldyWFrQv56QeYtzpuUpIvvU4ix0_dezt6swjR3K5x8WgSOSWcEqlqaAfI u.N8MMtyUzJm.iuMREhQH6Midgm1LvMRRI9uYacPRlroCyAB7L4vaFS5Yrvf Uv7.CfI5E3ARM.KTsZC.1WKf2Eq3NIsuizMbMN1zb6ZqL72ai5AIWEj_1JVt 56OJPXatnVKeNp1qZcWtAFryALhaUNcQpjOEXmmtHsZiMkBaGuxMaCn.znza 4UL_u5GMHC1foFJ201BV2bSJO2qbzcIk7m2K17PCDILysjzpdSVICtD5_1Z. UIU.ITXUfPeIlbZmTlGCC29Qsm1_f_5AgNh1usb1y5hq7X5BAPh.KAaSk6Tl FUwTY6Awa2UYDtiUwrqaTr3SxhPh8jSEl9ZnMQiqFf.J26ld.Bhvu3Ebxr90 -
    Received: 		from [189.175.200.16] by web120505.mail.ne1.yahoo.com via HTTP; Thu, 04 Oct 2012 11:53:45 PDT
    X-Mailer: 		YahooMailWebService/0.8.122.442
    Message-ID: 		<1349376825.86122.YahooMailNeo@web120505.mail.ne1.yahoo.com>
    Date: 		Thu, 4 Oct 2012 11:53:45 -0700 (PDT)
    From: 		"me@yahoo.com" <me@yahoo.com>
    Reply-To: 		"me@yahoo.com" <alvinmoneypit@yahoo.com>
    To: 		nels.lippert@wilmerhale.com, me@yahoo.com, 
    MIME-Version: 		1.0
    Content-Type: 		multipart/alternative; boundary="1874583742-1497240135-1349376825=:86122"
    Content-Length: 		639
    Last edited by lisati; October 7th, 2012 at 05:01 AM. Reason: Added code tags for readability
    Ubuntu 12.04.2_amd_64_LTS on Desktop run by Intel core I5 3570K on Asus P8Z77-V Pro MB

    Ubuntu 12.04 LTS on Lenovo N500 laptop

  2. #2
    Join Date
    Apr 2009
    Beans
    190
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: web based email breached?

    Sorry about the icons in my header quote, the shortcuts must be in the original and I don't know how to prevent them from appearing.

  3. #3
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: web based email breached?

    Quote: Originally Posted by alvinmoneypit
    Sorry about the icons in my header quote, the shortcuts must be in the original and I don't know how to prevent them from appearing.
    "fixed" that for you by adding "code" tags.

    Change your email password a.s.a.p.!!!!!!!

    If the X-mailer header was something other than a fairly standard Yahoo webmail header, I'd suggest running the headers through a tool such as http://whatismyipaddress.com/trace-email or Spamcop's reporting service to help you track down the sender.
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.
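
The header check discussed in the posts above, as an added example that is not part of the original thread: it reads a trimmed copy of the posted headers (long opaque fields omitted), finds the hop where the message entered the mail system, and reports whether it was submitted through the provider's own webmail and signed by it. The function name `triage` and the result keys are hypothetical.

```python
import re
from email import message_from_string

# Trimmed copy of the headers posted in this thread; opaque fields left out.
RAW = """\
Authentication-Results: mta1354.mail.bf1.yahoo.com from=yahoo.com; domainkeys=pass (ok); from=yahoo.com; dkim=pass (ok)
Received: from 127.0.0.1 (HELO nm15.bullet.mail.ne1.yahoo.com) (98.138.90.78) by mta1354.mail.bf1.yahoo.com with SMTP; Thu, 04 Oct 2012 11:53:46 -0700
Received: from [98.138.90.54] by nm15.bullet.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 18:53:45 -0000
Received: from [127.0.0.1] by omp1030.mail.ne1.yahoo.com with NNFMP; 04 Oct 2012 18:53:45 -0000
Received: from [189.175.200.16] by web120505.mail.ne1.yahoo.com via HTTP; Thu, 04 Oct 2012 11:53:45 PDT
X-Mailer: YahooMailWebService/0.8.122.442
From: "me@yahoo.com" <me@yahoo.com>

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")


def triage(raw, provider_suffix=".yahoo.com"):
    """Summarise where a message entered the mail system."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Each server prepends its own Received line, so the LAST one in the
    # header block is the first hop: the point where the message was submitted.
    first = hops[-1] if hops else ""
    ip = BRACKETED_IP.search(first)
    host = BY_HOST.search(first)
    auth = msg.get("Authentication-Results", "")
    facts = {
        "submit_ip": ip.group(1) if ip else None,
        "submit_host": host.group(1) if host else None,
        "via_http": " via HTTP" in first,
        "dkim_pass": "dkim=pass" in auth,
        "x_mailer": msg.get("X-Mailer", ""),
    }
    # Submitted over the provider's web front end and signed by the provider:
    # the message came from a logged-in session, not a forged From line.
    facts["sent_from_account"] = bool(
        facts["via_http"] and facts["dkim_pass"]
        and (facts["submit_host"] or "").endswith(provider_suffix)
    )
    return facts


if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

The `h=` list of the posted DKIM-Signature includes `Received`, so the submission hop is covered by the provider's signature. When `sent_from_account` is true, a password change alone leaves open how the credentials or session were obtained, which is the question the later replies turn to.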

  4. #4
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: web based email breached?

    It may be possible that your machine has been compromised in some way.

    Ubuntu 10.10 reached end-of-life 6 months ago and as such hasn't received any support or security updates for all of this time. Your browser and OS will have been unprotected from any newly discovered exploits and security vulnerabilities.
    Cheesemill

  5. #5
    Join Date
    May 2010
    Location
    Australia
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: web based email breached?

    If you've been a long time user of Yahoo email then you would have also noticed the sudden rise of spam in your inbox over the last 12 months,
    including the almost monthly 'user survey' from Yahoo asking you to "tell them how they're doing".
    Let me tell you, there's nobody home at Yahoo.
    The lights may be on but Yahoo has become nothing more than a clearing house for CEOs. Is it 5 now in 6 years?

    Many people have concerns about sharing their personal data with Google.
    On the other hand, Yahoo via incompetence shares your data with everyone.

    Find yourself a new web-mail account.

  6. #6
    Join Date
    Feb 2006
    Beans
    457

    Re: web based email breached?

    alvinmoneypit, a change may well be in order. If your data is backed up then would you consider at least a fresh 12.04 install with all that accrues from the security updates? As for your email, you may well wish to consider moving to Gmail (Privacy T&C); Gmail offers import tools that allow you to load an address from your last email provider. I would also ask you to consider Mozilla Thunderbird (+Enigmail) on your nice new system, as I have found that the spam catching powers of Gmail and Thunderbird work rather well together.

    When using Gmail I have only the Gmail service open, I do not allow Google to connect email accounts, products and services together, and upon ending a Gmail session I close or flush the browser and open again for other business. Google do read your mail but it is done in the chance of matching keywords with advertisers; just learn to ignore the few adverts that do appear. If you wish to be secure then conduct all email exchange via Thunderbird Enigmail (gnupg encryption).

    Remember, Google look at your key words for advertising revenue but security people look at unencrypted headers to see who you are in contact with and this is common to most if not all email systems.

    All the best with your new secure & spam free system.

    PS Be sure to use a long, strong password. Longer & stronger the better.
    Last edited by tubbygweilo; October 7th, 2012 at 02:04 PM. Reason: passwordlength
