
aditya2k

Mar 21, 2011, 2:49:51 PM
to rt_...@yahoo.com, amitpa...@gmail.com, GAal...@googlegroups.com, Google-Answer...@googlegroups.com, manda...@gmail.com, shiv...@gmail.com, ksnr...@alum.mit.edu, unsubscr...@levi.com

mathtalk

Mar 21, 2011, 6:53:45 PM
to GA Alumni Association
Some spam similar to this went out from my wife's
gmail account today. What is going on? I believe
the link below redirects to a spam site.

On Mar 21, 2:49 pm, aditya2k <adity...@gmail.com> wrote:
> http://canadia2opwerfull.ca.pn/w4j7d7

aditya2k

Mar 25, 2011, 8:29:33 AM
to rt_...@yahoo.com, amitpa...@gmail.com, GAal...@googlegroups.com, Google-Answer...@googlegroups.com, manda...@gmail.com, shiv...@gmail.com, ksnr...@alum.mit.edu, unsubscr...@levi.com

aditya2k

Mar 25, 2011, 2:38:11 PM
to mathtalk, GA Alumni Association
Sorry about this. Please don't click on the link.

My account was compromised, and according to gmail's account activity log, there were logins from Russia and Romania. Recently, gawker's user database was compromised and the passwords were cracked. I happened to use the same password and login id on their network as well. Being a techie guy myself, I should've changed the password of this account after that incident. I've always used different passwords for primary email accounts and financial accounts. 

Here are key takeaways:
- Maintain unique passwords for financial accounts.
- Maintain unique passwords for key (or all) email accounts.
- Many sites that host forums save your password in clear text, and if their database is compromised internally or externally, you're at risk.
- Many sites use http (and not https), so your password is sent in clear text over the air and if you're on Public Wi-Fi, data can be easily sniffed.


myoarin

Mar 25, 2011, 5:50:24 PM
to GA Alumni Association
If this is about spurious messages from someone's email address,
shortly after Probo told me about receiving a message from a friend,
ostensibly asking for money (via Western Union, of course), I received
about the same text with a friend's email address, claiming that he
was in straits in Spain, which I knew wasn't the case. His was a
hotmail account. I rather doubt that he uses wi-fi, probably only
goes online from his home-based computer.


On Mar 25, 7:38 pm, aditya2k <adity...@gmail.com> wrote:
> Sorry about this. *Please don't click on the link.*
>
> My account was compromised, and according to gmail's account activity log,
> there were logins from Russia and Romania. Recently, gawker's user database
> was compromised and the passwords were cracked. I happened to use the same
> password and login id on their network as well. Being a techie guy myself, I
> should've changed the password of this account after that incident. I've
> always used different passwords for primary email accounts and financial
> accounts.
>
> Here are key takeaways:
> - Maintain unique passwords for financial accounts.
> - Maintain unique passwords for key (or all) email accounts.
> - Many sites that host forums save your password in clear text, and if their
> database is compromised internally or externally, you're at risk.
> - Many sites use http (and not https), so your password is sent in clear
> text over the air and if you're on Public Wi-Fi, data can be easily sniffed.
>

mathtalk

Mar 28, 2011, 10:18:45 AM
to GA Alumni Association


On Mar 25, 2:38 pm, aditya2k <adity...@gmail.com> wrote:
> Sorry about this. *Please don't click on the link.*
>
> My account was compromised, and according to gmail's account activity log,
> there were logins from Russia and Romania. Recently, gawker's user database
> was compromised and the passwords were cracked. I happened to use the same
> password and login id on their network as well. Being a techie guy myself, I
> should've changed the password of this account after that incident. I've
> always used different passwords for primary email accounts and financial
> accounts.
>
> Here are key takeaways:
> - Maintain unique passwords for financial accounts.
> - Maintain unique passwords for key (or all) email accounts.
> - Many sites that host forums save your password in clear text, and if their
> database is compromised internally or externally, you're at risk.
> - Many sites use http (and not https), so your password is sent in clear
> text over the air and if you're on Public Wi-Fi, data can be easily sniffed.
>
> On Mon, Mar 21, 2011 at 3:53 PM, mathtalk <hardm...@gmail.com> wrote:
> > Some spam similar to this went out from my wife's
> > gmail account today.  What is going on?  I believe
> > the link below redirects to a spam site.

Thanks, aditya2k, you make some good points.

I looked at the headers of my wife's email, and it wasn't
obvious whether her account had been used or spoofed. In
any case my report of the incident to Google resulted in
her promptly being locked out, pending reverification by
one of several methods.

It's obviously not easy for most people to maintain unique
passwords on all accounts, but I treat gmail like a
financial account and keep a stronger password there than
on forums (where I really have no idea of the backend
implementation).

regards, chip
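
One way to make the header check mathtalk mentions more decisive, as an added example that is not part of any post in this thread: read the Authentication-Results header stamped by the recipient's own mail server and report whether the From domain's servers really handled the message. The host name mx.example.net, the verdict strings and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: the recipient's own mail server

def trusted_results(msg):
    """Map method -> (result, properties) from the Authentication-Results
    header stamped by our own server; headers naming other hosts are ignored
    because the sender can insert them."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in re.sub(r"\s+", " ", value).split(";")]
        if parts[0].split(" ")[0].lower() != TRUSTED_AUTHSERV:
            continue
        found = {}
        for part in parts[1:]:
            pairs = re.findall(r"([\w.]+)=(\S+)", part)
            if pairs:
                found[pairs[0][0].lower()] = (pairs[0][1].lower(), dict(pairs[1:]))
        return found
    return {}

def domain_of(value):
    return value.rpartition("@")[2].lower()

def classify_origin(raw):
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    results = trusted_results(msg)
    if not results:
        return "no-trusted-results"
    dkim, dprops = results.get("dkim", ("none", {}))
    spf, sprops = results.get("spf", ("none", {}))
    signer = domain_of(dprops.get("header.d") or dprops.get("header.i", ""))
    envelope = domain_of(sprops.get("smtp.mailfrom", ""))
    # An aligned pass means the From domain's own servers handled the message,
    # which is consistent with someone having logged in to the account.
    aligned = bool(from_domain) and (
        (dkim == "pass" and signer == from_domain)
        or (spf == "pass" and envelope == from_domain))
    # Without an aligned pass the From address is unverified and may be spoofed.
    return "sent-through-provider" if aligned else "from-not-authenticated"

# Constructed sample messages (not taken from the thread).
VIA_ACCOUNT = ("Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=alice@example.org;\n"
               " dkim=pass header.i=@example.org\nFrom: Alice <alice@example.org>\n\nhi\n")
SPOOFED = ("Authentication-Results: mx.example.net; spf=softfail smtp.mailfrom=alice@example.org;\n"
           " dkim=none\nAuthentication-Results: mx.example.org; dkim=pass header.i=@example.org\n"
           "From: Alice <alice@example.org>\n\nhi\n")
NO_RESULTS = "From: Alice <alice@example.org>\n\nhi\n"
```

A "sent-through-provider" verdict points at account misuse rather than a forged From line, so the response is a password change and a review of the account's login activity.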