web based email breached?

**alvinmoneypit** · October 7th, 2012

Hi,

I'm running Ubuntu 10.10 using Firefox 9.0.1. My Yahoo email was compromised the other day. Yahoo service says an IP address in Mexico corresponded with the attack. They got my contacts and spammed them - not just my address book, but everyone I ever contacted , which puzzles me as I use Yahoo classic mail, and the contacts are hidden I'm not sure how I can access them.

Anyway, I was wondering if this was a vulnerability on my computer or was Yahoo compromised or perhaps my DNS server? I changed the password on my Yahoo account (which I've had for probably near 15 years).
I don't see any damage to my system or files, perhaps they were just using me to spam. My computer hasn't been slowing down, however it refused to 'sleep' or hibernate until I rebooted, now it works as before.

Is this anything I need to change besides the action I've already done (changing my password)? I run Clam TK and have configured the firewall well before this breach. Sorry I don't know more about security and counter measures.

Below is the header of one of the emails:

Code:

Received-SPF: 		none (domain of yahoo.com does not designate permitted sender hosts) aW5zL2FkZC1mcm9tLXNlcnZlci9pbmZvLnBocD9hdHRhY2hlZDI2MS5qcGcg ATABAQEBA3RleHQvcGxhaW4DAzACA3RleHQvaHRtbAMDMQ--
DomainKey-Signature: 		a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=xqjMmb+itrTAIKERjUwIPEqPd5lpzBu9NdxHT3LXbAHM28qUx6VwBXdxtqMrDkU/T4N0JcL8F/V076JzdVVp2JZLH8FlihXQK86jsYzc6BEpgCZR9wl+dkFCxxrRFzo99iwUql1fjgjqurPMDtntmL/npq82/6R/abXZ+qeIk6I=;
Message-ID: 		<1349376825.86122.YahooMailNeo@web120505.mail.ne1.yahoo.com>
Date: 		Thu, 4 Oct 2012 11:53:45 -0700 (PDT)
From: 		This sender is DomainKeys verified
"me@yahoo.com" <me@yahoo.com>  
View contact details
Reply-To: 		"me@yahoo.com" <alvinmoneypit@yahoo.com>
To: 		nels.lippert@wilmerhale.com, me@yahoo.com, 
MIME-Version: 		1.0
Content-Type: 		multipart/alternative; boundary="1874583742-1497240135-1349376825=:86122"
Content-Length: 		639

**alvinmoneypit** · October 7th, 2012

Sorry about the icons in my header quote, the shortcuts must be in the original and I don't know how to prevent them from appearing.

**lisati** · October 7th, 2012

Originally Posted by alvinmoneypit

Sorry about the icons in my header quote, the shortcuts must be in the original and I don't know how to prevent them from appearing.

"fixed" that for you by adding "code" tags.

Change your email password a.s.a.p.!!!!!!!

If the X-mailer header was something other than a fairly standard Yahoo webmail header, I'd suggest running the headers through a tool such as http://whatismyipaddress.com/trace-email or Spamcop's reporting service to help you track down the sender.

**Cheesemill** · October 7th, 2012

It may be possible that your machine has been compromised in some way.

Ubuntu 10.10 reached end-of-life 6 months ago and as such hasn't received any support or security updates for all of this time. Your browser and OS will have been unprotected from any newly discovered exploits and security vulnerabilities.

**bra|10n** · October 7th, 2012

If you've been a long time user of Yahoo email then you would have also noticed the sudden rise of spam in your inbox over the last 12 months,
including the almost monthly 'user survey' from Yahoo asking you to "tell them how they're doing".
Let me tell you, there's nobody home at Yahoo.
The lights may be on but Yahoo has become nothing more than a clearing house for CEO's. Is it 5 now in 6 years?

Many people have concerns about sharing their personal data with Google.
On the other hand, Yahoo via incompetence shares your data with everyone.

Find yourself a new web-mail account

.

**tubbygweilo** · October 7th, 2012

alvinmoneypit, A change may well be in order, If your data is backed up then would you consider at least a fresh 12.04 install with all that accrues from the security updates? As for your email you may well wish to consider moving to Gmail (Privacy T&C), Gmail offers import tools that allow you to load an address from you last email provider. I would also ask you to consider Mozilla Thunderbird (+Enigmail) on you nice new system as I have found that the spam catching powers of Gmail and Thunderbird work rather well together.

When using Gmail I have only the Gmail service open, I do not allow Google to connect email accounts, products and services together and upon ending a Gmail session I close or flush the browser and open again for other business. Google do read you mail but it is done in the chance or matching keywords with advertisers, just learn to ignore the few adverts that do appear. If you wish to be secure than conduct all email exchange via Thunderbird Enigmail (gnupg encryption).

Remember, Google look at your key words for advertising revenue but security people look at un encrypted headers to see who you are in contact with and this is common to most if not all email systems.

All the best with you new secure & spam free system.

PS Be sure to use a long, strong password. Longer & stronger the better.