<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:12pt"><div><span>my Yahoo account was hacked today.... so sorry to all. I think it's fixed now....</span></div><div></div><div> </div><div><font color="#4040ff" face="arial, helvetica, sans-serif"><font style="color: rgb(0, 0, 255);" size="3">Bill Pritchett<br>Souled Out Entertainment<br><font size="2">www.souledoutentertainment.biz</font><br style="color: rgb(0, 0, 255);"></font><font size="2"><span style="color: rgb(0, 0, 255); font-weight: bold;">765-744-9322</span><br style="color: rgb(0, 0, 255); font-weight: bold;"><span style="color: rgb(0, 0, 255); font-weight: bold;"><span style="color: rgb(0, 0, 255);"><br></span></span></font></font><br></div> <div style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font
size="2" face="Arial"> <div style="margin: 5px 0px; padding: 0px; border: 1px solid rgb(204, 204, 204); height: 0px; line-height: 0; font-size: 0px;" class="hr" contentEditable="false" readonly="true"></div> <b><span style="font-weight: bold;">From:</span></b> Tom Simes <simestd@netexpress.com><br> <b><span style="font-weight: bold;">To:</span></b> nsrca-discussion@lists.nsrca.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, February 11, 2013 4:27 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [NSRCA-discussion] Check This Out<br> </font> </div> <br>
On 02/11/13 08:29, Larry Diamond wrote:<br>> All Should Read...<br>> <br>> Tom,<br>> <br>> Please look deeper into this issue.<br>> <br>> I highly doubt it is Bill's e-mail account that was comprimised. Everyone on this list is most likely in somebody's contact list. <br><br>Hi Larry,<br><br>Spoofing implies that the headers of an e-mail message have been altered<br>to obfuscate (spoof) the origin of the message.<br><br>Yahoo! pioneered the use of DKIM in 2007<br>(http://tools.ietf.org/html/rfc4870) specifically to combat spoofing.<br>Not only did they author the original RFC, they even developed and<br>donated a reference implementation to the community.<br><br>The DKIM signed and verified headers of the offending e-mail indicate it<br>was sent using Yahoo!'s webmail interface from 75.99.138.194 at 08:33:52<br>PST. Regardless whether the deed was done via a trojan on the local<br>user's machine or via an
unauthorized 3rd party with the user's<br>credentials, the message was sent via the Yahoo! web interface using<br>Bill's account credentials.<br><br>In other words, this e-mail was not spoofed - although indications are<br>it was likely sent via a trojan. So folks, it's always a good idea to<br>have updated virus/trojan/malware protection installed. Knock on wood,<br>clamav should keep viruses from being propagated as attachments via the<br>list, but I'm not aware of a filter that will investigate URL links to<br>see if they are potentially malicious. If anyone knows of such a milter<br>that's supported by Postfix, hit me up!<br><br>My apologies for the non-pattern related content, If anyone would like<br>to explore this further, let's take if off list.<br><br>-- <br>Tom<br><br>======================================================================<br> "Z80 system stack overflow. Shut 'er down Scotty, she's<br>
sucking mud again!" - Error message on XENIX v3.0<br><br>Tom Simes <a href="mailto:simestd@netexpress.com" ymailto="mailto:simestd@netexpress.com">simestd@netexpress.com</a><br>======================================================================<br>_______________________________________________<br>NSRCA-discussion mailing list<br><a href="mailto:NSRCA-discussion@lists.nsrca.org" ymailto="mailto:NSRCA-discussion@lists.nsrca.org">NSRCA-discussion@lists.nsrca.org</a><br>http://lists.nsrca.org/mailman/listinfo/nsrca-discussion<br><br><br> </div> </div> </div></body></html>