[Boatanchors] Boatanchors hey

D C _Mac_ Macdonald k2gkk at hotmail.com
Mon Nov 12 11:24:01 EST 2012 

I have a "Cache and Cookie Washer" program (from Webroot) 
that runs on an hourly basis. Is that likely to help 
prevent these attacks? 
 
* * * * * * * * * * * 
* 73 - Mac, K2GKK/5 * 
* (Since 30 Nov 53) * 
* k2gkk at hotmail.com * 
* Oklahoma City, OK * 
* USAF & FAA (Ret.) * 
* * * * * * * * * * * 
 
 
 


 

> Date: Mon, 12 Nov 2012 09:57:05 -0500
> From: lists at w1nr.net
> To: boatanchors at mailman.qth.net
> Subject: Re: [Boatanchors] Boatanchors hey
> 
> On 11/12/2012 09:11 AM, jeff wrote:
> > On 11/12/2012 07:24 AM, David Stinson wrote:
> >>
> >> ----- Original Message -----
> >> From: <w1ksz at earthlink.net>
> >> To: "Boatanchors" <boatanchors at mailman.qth.net>
> >>
> >>> Boatanchors start now so you wont regret wasting time later
> >>> http://msnbc.msn.MUNGMUNGMUNG
> >>
> >> There seem to be a lot of botted users on our boatanchor
> >> and milsurplus lists.
> >> Guys, please. Get a good free trial Malware program like
> >> http://www.malwarebytes.org/
> >
> > The majority of these hacks are account hacks, not local ones.
> > And the majority of these are Yahoo. Strong passwords recommended.
> >
> > Good advice otherwise.
> >
> >
> Actually, these exploit a vulnerability in many of the public email 
> accounts like yahoo, gmail and hotmail. Generally, you leave your 
> account "logged in" as you use your browser. Following the link in the 
> email exploits the fact that you are already logged in and uses the 
> login cookies and service API's to execute code that sends email through 
> that account, usually to everyone in your address book. Strong passwords 
> are no help at all. Most anti virus will not detect it since it doesn't 
> affect your local hard drive. I think there are some browser plugins 
> from the more advanced "Internet Security" products that will block it, 
> but the only sure cure is to not follow the link or not to use the 
> "free" email accounts.
> And before you "gurus" sound in and say it can't happen in Linux, better 
> look again because the same vulnerable mechanism exists in the Linux 
> versions of the Firefox browser and has absolutely no regard to any OS 
> you happen to run.
> 
> Mike, W1NR

More information about the Boatanchors mailing list