[NSRCA-discussion] Check This Out

Bill Pritchett billpritch at yahoo.com
Mon Feb 11 13:00:34 AKST 2013


My Yahoo account was hacked today.... so sorry to all.  I think it's fixed now....


Bill Pritchett
Souled Out Entertainment
www.souledoutentertainment.biz
765-744-9322


 

________________________________
 From: Tom Simes <simestd at netexpress.com>
To: nsrca-discussion at lists.nsrca.org 
Sent: Monday, February 11, 2013 4:27 PM
Subject: Re: [NSRCA-discussion] Check This Out
  
On 02/11/13 08:29, Larry Diamond wrote:
> All Should Read...
>  
> Tom,
>  
> Please look deeper into this issue.
>  
> I highly doubt it is Bill's e-mail account that was compromised. Everyone on this list is most likely in somebody's contact list. 

Hi Larry,

Spoofing implies that the headers of an e-mail message have been altered
to obfuscate (spoof) the origin of the message.

Yahoo! pioneered the use of DKIM in 2007
(http://tools.ietf.org/html/rfc4870) specifically to combat spoofing.
Not only did they author the original RFC, they even developed and
donated a reference implementation to the community.

The DKIM signed and verified headers of the offending e-mail indicate it
was sent using Yahoo!'s webmail interface from 75.99.138.194 at 08:33:52
PST.  Regardless whether the deed was done via a trojan on the local
user's machine or via an unauthorized 3rd party with the user's
credentials, the message was sent via the Yahoo! web interface using
Bill's account credentials.

In other words, this e-mail was not spoofed - although indications are
it was likely sent via a trojan.  So folks, it's always a good idea to
have updated virus/trojan/malware protection installed.  Knock on wood,
clamav should keep viruses from being propagated as attachments via the
list, but I'm not aware of a filter that will investigate URL links to
see if they are potentially malicious.  If anyone knows of such a milter
that's supported by Postfix, hit me up!

My apologies for the non-pattern related content.  If anyone would like
to explore this further, let's take it off list.

-- 
Tom

======================================================================
   "Z80 system stack overflow.  Shut 'er down Scotty, she's
         sucking mud again!" - Error message on XENIX v3.0

Tom Simes                                      simestd at netexpress.com
======================================================================
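
The header check Tom describes (spoofed origin versus a message genuinely sent through the provider) can be sketched as follows. This is an added example, not code from the thread or from any list software. The hostnames, the trusted verifier name `mx.list.example` and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.list.example"  # assumption: our own verifying MTA

def triage(raw, trusted=TRUSTED_AUTHSERV):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signer = None
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # added by some other host, so it may be forged
        m = re.search(r"\bdkim=pass\b[^;]*?\bheader\.d=([\w.-]+)", results, re.I)
        if m:
            signer = m.group(1).lower()
            break
    aligned = signer is not None and (
        from_domain == signer or from_domain.endswith("." + signer))
    # Received headers are prepended, so the last one is nearest the sender.
    # Report it only when the message authenticated; otherwise it is untrusted.
    hops = msg.get_all("Received", [])
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    return {"from_domain": from_domain, "dkim_signer": signer,
            "verdict": "sent-through-provider" if aligned else "possibly-spoofed",
            "origin_ip": ip.group(1) if (ip and aligned) else None}

# Constructed samples (documentation domains and addresses, not real traffic).
SENT_VIA_PROVIDER = """\
Authentication-Results: mx.list.example; dkim=pass header.d=webmail.example
Received: from out.webmail.example ([198.51.100.7]) by mx.list.example
Received: from [192.0.2.44] by web1.webmail.example via HTTP
From: Member <member@webmail.example>
Subject: Check This Out
"""
SPOOFED = """\
Authentication-Results: mx.list.example; dkim=none
Authentication-Results: mx.forged.example; dkim=pass header.d=webmail.example
Received: from host.invalid ([203.0.113.9]) by mx.list.example
From: Member <member@webmail.example>
Subject: Check This Out
"""

if __name__ == "__main__":
    for name, raw in (("provider", SENT_VIA_PROVIDER), ("spoofed", SPOOFED)):
        print(name, triage(raw))
```

A "possibly-spoofed" result is a prompt for closer inspection rather than proof, since relays that modify a message in transit can invalidate an otherwise genuine signature.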