[Boatanchors] Yahoo OR any web based Email

Thu Jan 31 15:28:00 EST 2013

The fact is, I have seen scores of Yahoo account spams on the groups I own
and/or administer, and zero from Gmail or others. Most have never been
posted.

YMMV,

-John

==================

> List:
>
> It is actually more complicated than this.
>
> When using *ANY* WEB Based E-mail, you ARE on that System.
>
> The Malware folks have already hit them and you NOW get the "Bot"
> *cookie*.
>
> The REAL solution is to use something like Thunderbird as a CLIENT!  Do
> NOT operate in a Web Based Environment!  The setup of the client will
> read your messages.  It will delete them from the server.
>
> 1) Install the mentioned client OR one of your choice.
>
>          Absolutely do NOT use any form or version of OUTLOOK! Windows
> systems with Outlook will AUTOMATICALLY run any script in an opened
> message!
>
>      It is executed by "wscript.exe"!
>
> I keep my address book *ONLY* on the desktop/laptop.
>
> 2) Once using your client, GO BACK TO YOUR Web Based E-mail - DELETE
> your ADDRESS BOOK!
>
> 3) Absolutely NEVER set your browser to remember you UNLESS you use
> IDVAULT or ConstantGuard to lock your password on YOUR machine - These
> open the "link" with HTTPS and then you have the IDVAULT or
> ConstantGuard (Yes - Others do the same thing!), and use your password
> locked on your computer - you either MUST use a Master Password or a PIN
> that you have set to be entered by you.
>
> I helped <w1ksz at earthlink.net> , Richard W. Solomon, do just what I have
> outlined.  He NO LONGER has any issues.
>
> I indeed have a BSCS, Computer Scientist, degree, along with others, and
> have worked at the Five-Sided Puzzle Palace as an E-Mail Administrator
> and SYSADMIN.
>
> A handful of us spent days removing Virii from Exchange and Outlook when
> ONE SINGLE High Ranking person simply opened ONE SINGLE message.
>
> Now you have what is going on - how it happens, and a *REAL* solution to
> put in place.
>
> Write Richard yourself!  Ask him what he and I worked through, and NOW
> have him running WITHOUT exposure to this MALWARE Cookie issue.
>
> Bob - N0DGN (Originally KA4PBD - Checked wrong box on FCC-610 when
> changed address - DUH!)
>
> On 1/31/2013 2:08 PM, J. Forster wrote:
>> In addition to the PW theft I posted about yeszterday, there seems to be
>> another issue with Yahoo webmail accounts. It works like this:
>>
>> Yahoo user logs into their webmail account. Yahoo sets a Cookie,
>> allowing
>> user to return to that account without another login.
>>
>> User is done with email, and goes off to surf or clicks some link, and
>> winds up at a malicious site. That site downloads the Yahoo-set Cookie.
>>
>> User goes off and does other things.
>>
>> Malware site uses the Yahoo Cookie to log into the user's account and
>> Yahoo grants full access- the malicious user has the correct cookie
>> after
>> all. Once in, the malware can spam email the user's entire Address Book,
>> read the user's email, or anything else. The malicious uswer has full
>> access.
>>
>> See:
>>
>> http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/
>>
>> The solution to this attack is to not click any links or go surfing
>> anywhere, while logged into your Yahoo account. I( know it's a PITA, but
>> blame the hackers and spammers.
>>
>> FWIW,
>>
>> -John
>>
>
> ______________________________________________________________
> Boatanchors mailing list
> Home: http://mailman.qth.net/mailman/listinfo/boatanchors
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:Boatanchors at mailman.qth.net
>
> List Administrator: Duane Fischer, W8DBF
> ** For Assistance: dfischer at usol.com **
>
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html
>
>