Author Topic: Yahoo email servers hacked  (Read 2716 times)
Carol Haynes
« on: March 04, 2013, 02:28:48 PM »

Had a deluge of calls from customers today panicking about spam sent from their email account to everyone in their address book.

The common factor was that the email service was provided by the UK telecom BT, which in turn uses Yahoo mail for its non-business customers. All of them had their accounts accessed from Yahoo! Mobile in various parts of the world (S. Korea, Vietnam, Netherlands, El Salvador and more) over the weekend, so it looks like either Yahoo's account, email or mobile services have been compromised.

In their usual style BT are claiming it is customers not providing good passwords or leaving them lying around (though how someone in Korea could guess both an email address and the corresponding password in the UK beats me) and Yahoo are conspicuous by their silence on the subject.

Hunting round the internet I found this article:

http://resources.avg.com....ra-email-accounts-hacked/

seems it has now spread to other areas.

If you have a Yahoo email account (or a Yahoo powered account from a partner) check your login history via this link:

https://api.login.yahoo.com/login/history

using your normal email account details.

As a precaution you might want to change your password as a matter of urgency !!!

kyrathaba
« Reply #1 on: March 04, 2013, 02:42:43 PM »

Quote
though how someone in Korea could guess both an email address and the corresponding password in the UK beats me)

Easy...

lordbyron@yahoo.com
password: careforaspotoftea

 cheesy

Win 7 Home Premium 64bit-SP1 AMD Athlon II X2 220 Socket AM3 (938) @ 2.1GHz 6GB RAM Firefox 20.0
_________________________________________________________________________________________

I'm fighting against patent trolls. Join me and tell your representative to support the #SHIELDAct: https://eff.org/r.b6JJ /via @EFF

http://kyrathaba.dcmembers.com/donate.htm

Tinman57
« Reply #2 on: March 04, 2013, 08:06:05 PM »

  I can't figure out why anyone would use a yahoo or hotmail account anyway, unless they just wanted a throw-away account for some reason.  I've never seen an ISP that didn't already give you anywhere from 5 to 15 email addresses with the internet service.  All you have to do is log on to your account and set up your email address(s).  Then you can use your own spam filters or anti-spam software.  I use MailWasher Pro to wash all the crap from my email account BEFORE I download my emails from my POP3 server.  But, that's just me....

((((TINMAN))))


IainB
« Reply #3 on: March 04, 2013, 09:55:49 PM »

@Carol Haynes: Thanks for the heads-up. Why am I not surprised?
The NZ Telecom/Yahoo accounts were hacked a couple of days ago. I have had a proprietary NZ Telecom ISP email address for years - one that I rarely need to use. When NZ Telecom tried to get everyone to migrate their email accounts to Yahoo, I could see that probably nothing but trouble was likely to come of it, so I kept my original email account and avoided the Yahoo one. (Fortunately for me, it appears.)
Since then it has become evident that Yahoo's so-called "service" is a euphemism, and I am glad I kept out of it. This latest hack just seems to be par for the course.

Carol Haynes
« Reply #4 on: March 05, 2013, 02:44:07 AM »

Quote
  I can't figure out why anyone would use a yahoo or hotmail account anyway, unless they just wanted a throw-away account for some reason.  I've never seen an ISP that didn't already give you anywhere from 5 to 15 email addresses with the internet service.  All you have to do is log on to your account and set up your email address(s).  Then you can use your own spam filters or anti-spam software.  I use MailWasher Pro to wash all the crap from my email account BEFORE I download my emails from my POP3 server.  But, that's just me....

Simple: a number of ISPs farm out their email to Yahoo to deal with. BT (the largest telco in the UK) does this for domestic customers. The email address is name@btinternet.com or similar (there are variations on the domain) but at the end of the day it is a yahoo account.

It's exactly the same as organisations contracting their email to Google - a friend of mine has a school email address, she goes to the school website to login to webmail and although there is some customisation of the colour scheme and layout you can see instantly that it is a gmail account.

It's only going to get worse as consumers are pushed to cloud services - hell if you buy a Windows 8 machine most people seem to think that they HAVE to sign up for a Windows Live (aka hotmail) account and have their machine permanently linked to Microsoft's servers.

What is really worrying with all these systems is the increase in successful hacking - if you use something like hotmail as your account for Windows 8 and end up syncing personal stuff to the cloud, hacking on that server won't just allow the spread of spam but also the theft of personal information. Savvy computer users can easily avoid this but the vast majority of people have absolutely no clue what is going on!

Dormouse
« Reply #5 on: March 05, 2013, 06:33:38 AM »

Thanks for the heads-up Carol.

I checked my account and found it had been accessed from Turkey on Friday. Appears to have tried to spam and then Yahoo blocked it from sending. I've changed password now.

Quote
  I can't figure out why anyone would use a yahoo or hotmail account anyway,

Well, I have it with a Yahoo ID to allow me to manage a Yahoo Group.
I've then used it for an email account when I don't trust the organisations I am giving it to, but may need a continuing address rather than a temporary one. I very rarely look at any of the email in it. So not much lost from my point of view.

But access risks are only just increasing.
And having recently been burgled I'm well aware that having everything local is no panacea either.
Current strategy is having all my eggs in many baskets of many different types with a whole range of encryption strategies for stuff I save in the cloud (and trying not to have anything sensitive in the cloud at all).

40hz
« Reply #6 on: March 05, 2013, 08:22:11 AM »

Quote
It's only going to get worse as consumers are pushed to cloud services - hell if you buy a Windows 8 machine most people seem to think that they HAVE to sign up for a Windows Live (aka hotmail) account and have their machine permanently linked to Microsoft's servers.


Precisely. Angry

Once again Carol is spot on. Thmbsup

Right now I'm dealing with two small companies that have brought in Windows 8. Every single Win 8 installation they've done so far was set up with Windows Live. When I asked them why they did that, they said (as Carol observed) they didn't think they had a choice in the matter. And if Microsoft's app store ever catches on, you really won't have a choice since you'll need to have a Live account to use it.

Sorry. But this really sucks. thumb down
« Last Edit: March 05, 2013, 08:29:00 AM by 40hz »

wraith808
« Reply #7 on: March 05, 2013, 11:59:19 AM »

Quote
It's only going to get worse as consumers are pushed to cloud services - hell if you buy a Windows 8 machine most people seem to think that they HAVE to sign up for a Windows Live (aka hotmail) account and have their machine permanently linked to Microsoft's servers.


Precisely. Angry

Once again Carol is spot on. Thmbsup

Right now I'm dealing with two small companies that have brought in Windows 8. Every single Win 8 installation they've done so far was set up with Windows Live. When I asked them why they did that, they said (as Carol observed) they didn't think they had a choice in the matter. And if Microsoft's app store ever catches on, you really won't have a choice since you'll need to have a Live account to use it.

Sorry. But this really sucks. thumb down

It's pretty obvious in the setup, IMO.  huh

And you can also set up your account with 2-stage authentication that way.

40hz
« Reply #8 on: March 05, 2013, 12:07:34 PM »


Quote
It's pretty obvious in the setup, IMO.  huh


Yeah. In mine too. But I'm talking about two clients. Not you or me.

So um...maybe I'm missing the point you're making here... tongue Grin

wraith808
« Reply #9 on: March 05, 2013, 12:44:43 PM »

Ohhhh!  The point is that clients are stupid.  That's a statement I can get behind!


...unless I'm the client...tongue

40hz
« Reply #10 on: March 05, 2013, 12:49:02 PM »

Quote
Ohhhh!  The point is that clients are stupid.  That's a statement I can get behind!


...unless I'm the client...tongue

I'd probably characterize it more as 'inattentive to what's being said,' 'insufficiently focused on the task at hand,' and 'occasionally naive.'

But...yeah...pretty much. smiley Grin

Unfortunately, there's a whole industry out there that prefers they remain that way.

Carol Haynes
« Reply #11 on: March 06, 2013, 04:24:41 AM »

Most people that I deal with have not seen a way to set up Windows 8 without using an email address.

On at least one computer I set up I could see no way to avoid using an email address except refusing to connect to the internet when prompted - that way it let you set up a local account - up until then it was insistent that you use a live.com address.

I presume different manufacturers organise the setup process in different ways.

Whatever - the majority of non-techie end users just turn on and follow the instructions. When MS says enter your email address now they do it without questioning and end up with a live.com account whether they ever want to use it or not.

I haven't seen anyone (except me) using Office 2013 (and I am going to uninstall it and put 2010 on) and that defaults to SkyDrive for all saving and loading. Yes you can change it but I come across too many end users who have no idea how to save something other than by clicking Save - they don't even know where the files are stored.

This is a worrying development in all major OSes because they are ripe targets for hackers and over time the pickings are going to make it more and more worth it. Unfortunately the one thing that seems to be clear is that the hackers keep showing they have the upper hand!!

wraith808
« Reply #12 on: March 06, 2013, 03:10:57 PM »

Quote
Most people that I deal with have not seen a way to set up Windows 8 without using an email address.

On at least one computer I set up I could see no way to avoid using an email address except refusing to connect to the internet when prompted - that way it let you set up a local account - up until then it was insistent that you use a live.com address.

I presume different manufacturers organise the setup process in different ways.

Whatever - the majority of non-techie end users just turn on and follow the instructions. When MS says enter your email address now they do it without questioning and end up with a live.com account whether they ever want to use it or not.

I haven't seen anyone (except me) using Office 2013 (and I am going to uninstall it and put 2010 on) and that defaults to SkyDrive for all saving and loading. Yes you can change it but I come across too many end users who have no idea how to save something other than by clicking Save - they don't even know where the files are stored.

This is a worrying development in all major OSes because they are ripe targets for hackers and over time the pickings are going to make it more and more worth it. Unfortunately the one thing that seems to be clear is that the hackers keep showing they have the upper hand!!

It's on the main page when you set up your account - it's on the bottom right corner - skip this step.  This was in a plain vanilla installation of Windows 8, so I'm not sure if manufacturers do something with pre-installed versions.  The one thing that having a live account does is make sure they at least set up a password - most machines don't even have one, so I don't really see the difference?  You can't even do anything with it that would affect the local computer without authenticating.

Tinman57
« Reply #13 on: March 06, 2013, 06:40:49 PM »

Quote
  I can't figure out why anyone would use a yahoo or hotmail account anyway, unless they just wanted a throw-away account for some reason.  I've never seen an ISP that didn't already give you anywhere from 5 to 15 email addresses with the internet service.  All you have to do is log on to your account and set up your email address(s).  Then you can use your own spam filters or anti-spam software.  I use MailWasher Pro to wash all the crap from my email account BEFORE I download my emails from my POP3 server.  But, that's just me....

Simple: a number of ISPs farm out their email to Yahoo to deal with. BT (the largest telco in the UK) does this for domestic customers. The email address is name@btinternet.com or similar (there are variations on the domain) but at the end of the day it is a yahoo account.

It's exactly the same as organisations contracting their email to Google - a friend of mine has a school email address, she goes to the school website to login to webmail and although there is some customisation of the colour scheme and layout you can see instantly that it is a gmail account.

It's only going to get worse as consumers are pushed to cloud services - hell if you buy a Windows 8 machine most people seem to think that they HAVE to sign up for a Windows Live (aka hotmail) account and have their machine permanently linked to Microsoft's servers.

What is really worrying with all these systems is the increase in successful hacking - if you use something like hotmail as your account for Windows 8 and end up syncing personal stuff to the cloud, hacking on that server won't just allow the spread of spam but also the theft of personal information. Savvy computer users can easily avoid this but the vast majority of people have absolutely no clue what is going on!

  I have learned something new today!  Geeze, that really does suck.  Every ISP I've ever done business with has always had their own POP3 servers.  I stray away from the likes of Yahoo and Hotmail, especially since they have the habit of scanning your emails and injecting ads into them.

kyrathaba
« Reply #14 on: March 06, 2013, 08:57:21 PM »

Just in the past few days, I've received multiple emails from my mother-in-law's Yahoo email account that are spam, and that I KNOW she is not manually sending to me. Just more anecdotal evidence...

Carol Haynes
« Reply #15 on: March 07, 2013, 03:24:21 AM »

BT (and by implication Yahoo) now apparently admit the problem if you speak to technical support.

Typically no public statement, warning or advice from Yahoo to legitimate users even though there is plenty of evidence for the problem!

40hz
« Reply #16 on: March 07, 2013, 12:17:44 PM »

Quote
Just in the past few days, I've received multiple emails from my mother-in-law's Yahoo email account that are spam, and that I KNOW she is not manually sending to me. Just more anecdotal evidence...

I have three SB clients using Yahoo e-mail courtesy of AT&T farming it out (unbeknownst to them) for most DSL accounts. Two of them have recently received warning/block notices from the e-mail admins of some of their own customers because they are supposedly spamming their customers' e-mail servers.

Fun...

Especially when trying to talk to somebody at ATT/Yahoo about it. undecided

Carol Haynes
« Reply #17 on: March 07, 2013, 07:36:05 PM »

How do you talk to Yahoo? Do they even have a contact number for end users ... sorry, marketing targets ?

erikts
« Reply #18 on: March 11, 2013, 12:51:23 AM »

Yahoo! webmail! hijacks! are! back!...

Quote
Yahoo! has blamed cross-site scripting security bugs, which it claims to have squashed, for a recent upsurge in webmail account takeovers.

via Daily Network Security Podcast

Carol Haynes
« Reply #19 on: March 11, 2013, 04:23:59 AM »

Quote
Yahoo! webmail! hijacks! are! back!...

Quote
Yahoo! has blamed cross-site scripting security bugs, which it claims to have squashed, for a recent upsurge in webmail account takeovers.

via Daily Network Security Podcast

Pretty typical reaction of Yahoo - if they didn't write such god awful buggy webscripts themselves it might make it harder for hackers, and the problem might not go on for months!

40hz
« Reply #20 on: March 11, 2013, 07:13:18 AM »

Quote
Yahoo! webmail! hijacks! are! back!...

Quote
Yahoo! has blamed cross-site scripting security bugs, which it claims to have squashed, for a recent upsurge in webmail account takeovers.

via Daily Network Security Podcast

Pretty typical reaction of Yahoo - if they didn't write such god awful buggy webscripts themselves it might make it harder for hackers, and the problem might not go on for months!

And let's not forget they got hacked and had this same sort of thing happen to them previously too. undecided

erikts
« Reply #21 on: May 20, 2013, 01:10:01 AM »

This time, Yahoo! Japan got hacked.  ohmy

Yahoo Japan suspects vast ID theft
Data on 22 million users feared stolen, but not passwords

Quote
“We don’t know if the file (of 22 million user IDs) was leaked or not, but we can’t deny the possibility, given the volume of traffic between our server and external” terminals, the company said in a statement late Friday.

Via Daily Network Security Podcast

pilgrim
« Reply #22 on: May 20, 2013, 06:11:12 AM »

Interesting subject email providers.

ISPs: The majority of my email addresses are with my ISP (same one since 2005), never had a problem with them until I built my new computer last year and started using Opera as my email program.
Within a couple of months every single time I went to send an email through any of the ISP accounts I was directed to a security page where I was asked to fill in a captcha, answer security questions, and then change my password.
After numerous attempts to get the issue resolved I got put in touch with the Chairman's Office and the second person I heard from actually took the matter up although with limited success.
At one point I was told it was because I was connecting from an unrecognised IP address, as I had been using a wide range of VPNs for several years I asked them why, if that had never been a problem in the past, it had suddenly become one? In spite of denying any changes being made at their end, a couple of months later the problems disappeared and have thus far not returned.

Yahoo: I have half a dozen Yahoo accounts, 2 - AU, 2 - UK, 2 - US. The first 4 I am able to forward to my email programs, which I think is probably the reason I have avoided the login problems that a lot of people have had. All my accounts are IMAP/SMTP.

To answer a question asked above about contacting Yahoo, at least in the UK, I found this some time back although I have never used it: Yahoo UK Customer Services - 0800 0289 562.

I spent 25 years training to be an eccentric then I woke up one morning and realised that I'd cracked it.
I've not had to try since.

I wonder what happens if I click on thi