My Yahoo email hacked

Yes I just noticed something called a secondary seal or something but to be honest my faith in Yahoo is fading fast.

Should I go for a new provider or am I overreacting to the situation, as Peter says are the other free email services any better?


Give it a go while you make the call on moving provider. They seem to have two systems on the go though. They have something called "sign in seal" which just seems to put a little picture on your login page. Prevents spoofing of the login page on a machine you use all the time. The other system is "second sign-in verification", which is what I mentioned earlier.

This could be really bad for Yahoo. I believe they are already in trouble, but if their email system is found to be insecure people will just jump ship. While I know the two are not related, it could also result in people staying away from their whole landing page. Though yahoo.co.uk is so poor that would not be much of a loss.
 
Use something like KeePass?

Not seen that before, just had a look on the website and this bit made me laugh

You can have a look at its full source and check whether the encryption algorithms are implemented correctly.

Like I would know, would you spot something dodgy in an encrypted algorithm LOL
 
Not seen that before, just had a look on the website and this bit made me laugh



Like I would know, would you spot something dodgy in an encrypted algorithm LOL

Standard practice of good encryption software is to be open source so that peers can review the code to spot flaws in the encryption algorithm. You're not looking for something dodgy in "encrypted code" as none of the code required to encrypt something will be encrypted.

And yes, flaws are quite often found in encryption algorithms. Quite heavily covered was the recent bounty for flaws in the Mega encryption code which resulted in quite a number of flaws found and subsequently fixed.
 
I think Yahoo has been victim of a large hack recently. At work we have received loads of strange spam from clients with yahoo addresses.
 
I think Yahoo has been victim of a large hack recently. At work we have received loads of strange spam from clients with yahoo addresses.

Script exploit that uses the cookie generated by yahoo when you tick the remember me box.
 
I am the only person with access to my pc, I use Firefox and have it set to remember my passwords on the sites I visit which in turn are password locked with a master password.

You're made to believe that this is safe or safer but maybe the browser is vulnerable.

At the moment I feel like I'm stood on a table and someone just pulled my trousers down :(
 
I am the only person with access to my pc, I use Firefox and have it set to remember my passwords on the sites I visit which in turn are password locked with a master password.

You're made to believe that this is safe or safer but maybe the browser is vulnerable.

At the moment I feel like I'm stood on a table and someone just pulled my trousers down :(
http://www.hotforsecurity.com/blog/yahoo-accounts-hijacked-via-xss-type-at=tack-5172.html

They most likely don't have your password.
 
I am the only person with access to my pc, I use Firefox and have it set to remember my passwords on the sites I visit which in turn are password locked with a master password.

You're made to believe that this is safe or safer but maybe the browser is vulnerable.

At the moment I feel like I'm stood on a table and someone just pulled my trousers down :(

On a positive note it's possible your email hasn't been hacked at all.

Bounces like you're seeing are sent to the "from" address which can be spoofed.

A spammer may just be using your email as a known "safe sender" to help get through spam filters.

However, changing your passwords and taking extra precautions is still a very good idea!

EDIT: Oh no, ignore me - you've got logins from Turkey. Could be failed attempts mind you... might not have actually got in... but not by those descriptions on the activity :)
 

Nice find.

At this point, miscreants have full access to the victim’s contact list until the current session expires or the user logs out. Crooks will either spam the contacts in the stolen lists (which may include friends, family, business contacts, professors) or use these contacts to send spam e-mails and/or malware in the name of the crook.

That is what happened to me.


Yes I have embarrassed a few before :p


On a positive note it's possible your email hasn't been hacked at all.

I hope so.
 
My O/H had her Yahoo e-mail done this week. I got a couple of random messages from her yesterday. Digging through the SMTP headers led me to an IP in Vietnam which is flagged by a few honeypots.

Where do you find the "recent login" screen in Yahoo?
 
I use LastPass for all my passwords after my Gmail and Diablo 3 accounts were hacked (yes it was the same password). No real damage done, all randomly generated passwords are stored in LastPass - so if I lose that I'm boned :D I use 2 step verification everywhere I can now.
 
Just signed up for a Gmail account and spent some time delving around the security features. I was shocked quite how poor and out of date Yahoo's offerings are. I think I'll slowly start migrating important information over to Gmail. It looks like Yahoo has reached the U-bend of its slow journey down the toilet!
 
Exactly what I was going to suggest.

Set up KeePass (http://keepass.info/) and start using GMail.

Here's why: http://lifehacker.com/keepass/
Here's alternatives: http://lifehacker.com/5042616/five-best-password-managers
Here's how to set up KeePass: http://lifehacker.com/184774/geek-to-live--securely-track-your-passwords?tag=softwaretop
Here's how to use DropBox to sync your KeePass database so it's accessible everywhere: http://lifehacker.com/5063176/how-to-use-dropbox-as-the-ultimate-password-syncer

Your 'heres why' seems to recommend against the use of password managers :confused:
 
Come on, standard computer security - if a password is compromised, change it everywhere that it's used. This isn't scary, just get on and do it!

You've already failed standard computer security if you are using the same password in more than one location anyway.

I have a mental system with various inputs based on the website I'm on, run a simple algorithm in my head and hey presto a unique password for every website and nothing else to remember but the system itself and no password manager.

So for example you could have something like this...

1) First three letters of your username
2) Day and Month of birth backwards
3) First three letters of website in capitals
4) number of letters in website
5) Website extension (.co.uk, .com etc) backwards

So for this site my password would be 'est2002OVE12kuoc'.

BY THE WAY THE ABOVE IS AN EXAMPLE OF A POSSIBLE SYSTEM, MY SYSTEM IS DIFFERENT TO THE ONE I SUGGESTED BEFORE YOU TRY HACKING ME LOL!
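
The five-step example scheme in the post above, written out as code so it is visible which characters depend on the site and which are the same everywhere. This is an added example, not part of the original post; the username `estuser`, the birth date string and both host names are constructed, with the first host chosen so the output matches the post's `est2002OVE12kuoc`.

```python
def mental_password(username: str, birth_ddmm: str, host: str) -> str:
    """Apply the post's five steps to a host such as 'name.co.uk'."""
    name, _, ext = host.lower().partition(".")
    return (
        username[:3].lower()             # 1) first three letters of username
        + birth_ddmm[::-1]               # 2) day and month of birth, backwards
        + name[:3].upper()               # 3) first three letters of site, capitals
        + str(len(name))                 # 4) number of letters in site name
        + ext.replace(".", "")[::-1]     # 5) extension without dots, backwards
    )


def public_part(host: str) -> str:
    """Steps 3-5 use only the host name, so they carry no secret."""
    return mental_password("", "", host)


def reused_secret(passwords_by_host: dict[str, str]) -> str:
    """Strip the host-derived suffix from each password. What remains is
    the only secret material, and it is identical on every site."""
    secrets = set()
    for host, password in passwords_by_host.items():
        suffix = public_part(host)
        if not password.endswith(suffix):
            raise ValueError(f"{host}: password does not follow the scheme")
        secrets.add(password[: len(password) - len(suffix)])
    if len(secrets) != 1:
        raise ValueError("passwords do not share one secret prefix")
    return secrets.pop()


# Constructed inputs (assumptions, not taken from any real account).
USER, BIRTH = "estuser", "2002"
HOSTS = ["overexamples.co.uk", "mailbox.com"]
PASSWORDS = {h: mental_password(USER, BIRTH, h) for h in HOSTS}

if __name__ == "__main__":
    for host, pw in PASSWORDS.items():
        print(f"{host:20} {pw}  (host-derived part: {public_part(host)})")
    print("reused on every site:", reused_secret(PASSWORDS))
```

The passwords look unique per site, but the only secret in each one is the same seven characters, so the scheme behaves like one short password reused everywhere; a password manager's random per-site values do not share that property.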
 