[Boatanchors] Yahoo OR any web based Email

Al Klase ark at ar88.net
Thu Jan 31 15:57:52 EST 2013 

I also see stuff from AOL on my lists. - Al


On 1/31/2013 3:28 PM, J. Forster wrote:
> The fact is, I have seen scores of Yahoo account spams on the groups I own
> and/or administer, and zero from Gmail or others. Most have never been
> posted.
>
> YMMV,
>
> -John
>
> ==================
>
>
>
>
>
>> List:
>>
>> It is actually more complicated than this.
>>
>> When using *ANY* WEB Based E-mail, you ARE on that System.
>>
>> The Malware folks have already hit them and you NOW get the "Bot"
>> *cookie*.
>>
>> The REAL solution is to use something like Thunderbird as a CLIENT!  Do
>> NOT operate in a Web Based Environment!  The setup of the client will
>> read your messages.  It will delete them from the server.
>>
>> 1) Install the mentioned client OR one of your choice.
>>
>>           Absolutely do NOT use any form or version of OUTLOOK! Windows
>> systems with Outlook will AUTOMATICALLY run any script in an opened
>> message!
>>
>>       It is executed by "wscript.exe"!
>>
>> I keep my address book *ONLY* on the desktop/laptop.
>>
>> 2) Once using your client, GO BACK TO YOUR Web Based E-mail - DELETE
>> your ADDRESS BOOK!
>>
>> 3) Absolutely NEVER set your browser to remember you UNLESS you use
>> IDVAULT or ConstantGuard to lock your password on YOUR machine - These
>> open the "link" with HTTPS and then you have the IDVAULT or
>> ConstantGuard (Yes - Others do the same thing!), and use your password
>> locked on your computer - you either MUST use a Master Password or a PIN
>> that you have set to be entered by you.
>>
>> I helped <w1ksz at earthlink.net> , Richard W. Solomon, do just what I have
>> outlined.  He NO LONGER has any issues.
>>
>> I indeed have a BSCS, Computer Scientist, degree, along with others, and
>> have worked at the Five-Sided Puzzle Palace as an E-Mail Administrator
>> and SYSADMIN.
>>
>> A handful of us spent days removing Virii from Exchange and Outlook when
>> ONE SINGLE High Ranking person simply opened ONE SINGLE message.
>>
>> Now you have what is going on - how it happens, and a *REAL* solution to
>> put in place.
>>
>> Write Richard yourself!  Ask him what he and I worked through, and NOW
>> have him running WITHOUT exposure to this MALWARE Cookie issue.
>>
>> Bob - N0DGN (Originally KA4PBD - Checked wrong box on FCC-610 when
>> changed address - DUH!)
>>
>> On 1/31/2013 2:08 PM, J. Forster wrote:
>>> In addition to the PW theft I posted about yeszterday, there seems to be
>>> another issue with Yahoo webmail accounts. It works like this:
>>>
>>> Yahoo user logs into their webmail account. Yahoo sets a Cookie,
>>> allowing
>>> user to return to that account without another login.
>>>
>>> User is done with email, and goes off to surf or clicks some link, and
>>> winds up at a malicious site. That site downloads the Yahoo-set Cookie.
>>>
>>> User goes off and does other things.
>>>
>>> Malware site uses the Yahoo Cookie to log into the user's account and
>>> Yahoo grants full access- the malicious user has the correct cookie
>>> after
>>> all. Once in, the malware can spam email the user's entire Address Book,
>>> read the user's email, or anything else. The malicious uswer has full
>>> access.
>>>
>>> See:
>>>
>>> http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-account/
>>>
>>> The solution to this attack is to not click any links or go surfing
>>> anywhere, while logged into your Yahoo account. I( know it's a PITA, but
>>> blame the hackers and spammers.
>>>
>>> FWIW,
>>>
>>> -John
>>>
>> ______________________________________________________________
>> Boatanchors mailing list
>> Home: http://mailman.qth.net/mailman/listinfo/boatanchors
>> Help: http://mailman.qth.net/mmfaq.htm
>> Post: mailto:Boatanchors at mailman.qth.net
>>
>> List Administrator: Duane Fischer, W8DBF
>> ** For Assistance: dfischer at usol.com **
>>
>>
>> This list hosted by: http://www.qsl.net
>> Please help support this email list: http://www.qsl.net/donate.html
>>
>>
>
> ______________________________________________________________
> Boatanchors mailing list
> Home: http://mailman.qth.net/mailman/listinfo/boatanchors
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:Boatanchors at mailman.qth.net
>
> List Administrator: Duane Fischer, W8DBF
> ** For Assistance: dfischer at usol.com **
>
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 10.0.1430 / Virus Database: 2639/5570 - Release Date: 01/31/13

-- 
Al Klase - N3FRQ
Jersey City, NJ
http://www.skywaves.ar88.net/

More information about the Boatanchors mailing list