spam email from friends: hacked or spoofed

Originally posted by Rich Pasco

Very often, I receive junk mail (spam) with a “From:” address of one of my contacts, for example a friend or fellow team member. The mail might contain an advertisement for Viagra or replica Rolex watches, a sad story about being robbed while on vacation (and please wire money), or just a link to a web site which could download malicious software onto my computer. In such cases, I delete that e-mail without clicking on the potentially dangerous link.

Just as often, a friend or fellow team member contacts me stating that junk mail is going out in their name and asking what to do about it. Here is what I reply:

Hacked or Spoofed?

It is important to know whether your mail is hacked or spoofed. Let’s define these terms:

HACKED – Mail is actually being sent from your account by someone logged in to your server as you.

SPOOFED – Mail is being sent from somewhere else with your address being forged onto its “From:” line.

Continue Reading at www.richpasco.org

 

Choosing a Secure Password

Choosing A Secure Password

Culture website BoingBoing has published a great article explaining how passwords can get cracked.  Lot’s of easy to understand examples and best practices to keep you safe. (more…)

security: breaches remind us to take security seriously

data security and retail

Recently two major corporations have released information about security failures. Retailer Target released information that it’s point of purchase system had be hacked with estimates of up to 70 million customers’ personal data stolen by hackers.  Starbucks was discovered to have been storing users passwords and information unencrypted in plain text in their iPhone app.  The takeaway from both of these instances is your personal data is never secure and you must share it with caution.

Security breaches seem like every day events in out modern times.  Rather than tune them out let them serve as reminders to take security seriously.

To be more secure online:

  • never click on links in email unless you are confident they are safe, do not trust an email came from the address given
  • wireless or public network allow for communications to be listened in on – check you have a secure SSL connection to the website you are visiting before sending any information (for instance logging in)
  • assume poor security, always

One point I cannot stress enough: if you are using your email to log into a service with a password you commonly use you are at extreme risk.

internet security: Adobe hacked

internet security breach

Internet security is a continuing concern. This hacking attack is of interest to people who have registered copies of Adobe Photoshop, Lightroom, or other products.  Your account at Adobe may have been compromised.  If the password you used at Adobe is the same as you have used elsewhere then those accounts are also compromised. (more…)

internet security: Yahoo email accounts hacked

security breached Yahoo emails hacked

In the past week I have received emails from 2 friend’s Yahoo email accounts – sent by hackers!  The emails contained a link which, had I clicked it, would have done who knows what.

The hacking attack which was used to take control of my friends email accounts used a security vulnerability at Yahoo to copy an access cookie that had been issued from Yahoo.  This access cookie gave the hackers full access to the email account until the cookie expired. This attack did require my friends to click on a link, either in a website or in an email. (more…)

security alert: Twitter hacked

Twitter announced on Friday February 1st they had been hacked in a sophisticated attack.  Twitter said 250k accounts may be affected and have emailed those users.  The stolen data included accounts, emails, addresses, and passwords. Whether or not Twitter contacted you it is probably a good idea to change your password, both for your Twitter account and for any other login that uses the same password. It is not a difficult matter to find more logins associated with the same email address, especially for popular services like Google, Facebook, etc.

Wired – Twitter Hacked

SECURITY: LinkedIn Passwords Compromised

A 6+ million password list has been released to the wild which is strongly suspected to have originated at LinkedIn.  The passwords are not matched to any account names in this list, but it would be dangerous to assume someone does not have them as well.  It is very important you change your password at LinkedIn.  Since that account is associated with your email you will want to change that password everywhere you have used it.  LinkedIn is suspected as many of the passwords in the list contained the a variation of ‘linkedin’.

One part of this incident that makes it interesting is that the passwords were stored using a protection called hashing which converts the password in a way which is supposed to be difficult to reverse – but as of this writing likely over 75% had been extracted.

To protect you accounts you should:

  • choose long complicated passwords including capital letters, number, and punctuation
  • avoid words
  • not use the same passwords for different accounts

You can read the entire story at arstechnica