[Boatanchors] Yahoo OR any web based Email

rbethman rbethman at comcast.net
Thu Jan 31 14:58:44 EST 2013 

List:

It is actually more complicated than this.

When using *ANY* WEB Based E-mail, you ARE on that System.

The Malware folks have already hit them and you NOW get the "Bot" *cookie*.

The REAL solution is to use something like Thunderbird as a CLIENT!  Do 
NOT operate in a Web Based Environment!  The setup of the client will 
read your messages.  It will delete them from the server.

1) Install the mentioned client OR one of your choice.

         Absolutely do NOT use any form or version of OUTLOOK! Windows 
systems with Outlook will AUTOMATICALLY run any script in an opened message!

     It is executed by "wscript.exe"!

I keep my address book *ONLY* on the desktop/laptop.

2) Once using your client, GO BACK TO YOUR Web Based E-mail - DELETE 
your ADDRESS BOOK!

3) Absolutely NEVER set your browser to remember you UNLESS you use 
IDVAULT or ConstantGuard to lock your password on YOUR machine - These 
open the "link" with HTTPS and then you have the IDVAULT or 
ConstantGuard (Yes - Others do the same thing!), and use your password 
locked on your computer - you either MUST use a Master Password or a PIN 
that you have set to be entered by you.

I helped <w1ksz at earthlink.net> , Richard W. Solomon, do just what I have 
outlined.  He NO LONGER has any issues.

I indeed have a BSCS, Computer Scientist, degree, along with others, and 
have worked at the Five-Sided Puzzle Palace as an E-Mail Administrator 
and SYSADMIN.

A handful of us spent days removing Virii from Exchange and Outlook when 
ONE SINGLE High Ranking person simply opened ONE SINGLE message.

Now you have what is going on - how it happens, and a *REAL* solution to 
put in place.

Write Richard yourself!  Ask him what he and I worked through, and NOW 
have him running WITHOUT exposure to this MALWARE Cookie issue.

Bob - N0DGN (Originally KA4PBD - Checked wrong box on FCC-610 when 
changed address - DUH!)

On 1/31/2013 2:08 PM, J. Forster wrote:
> In addition to the PW theft I posted about yeszterday, there seems to be
> another issue with Yahoo webmail accounts. It works like this:
>
> Yahoo user logs into their webmail account. Yahoo sets a Cookie, allowing
> user to return to that account without another login.
>
> User is done with email, and goes off to surf or clicks some link, and
> winds up at a malicious site. That site downloads the Yahoo-set Cookie.
>
> User goes off and does other things.
>
> Malware site uses the Yahoo Cookie to log into the user's account and
> Yahoo grants full access- the malicious user has the correct cookie after
> all. Once in, the malware can spam email the user's entire Address Book,
> read the user's email, or anything else. The malicious uswer has full
> access.
>
> See:
>
> http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/
>
> The solution to this attack is to not click any links or go surfing
> anywhere, while logged into your Yahoo account. I( know it's a PITA, but
> blame the hackers and spammers.
>
> FWIW,
>
> -John
>

More information about the Boatanchors mailing list