[GRLUG] hacked

[Michael Mol]

On Wed, Jul 27, 2011 at 10:37 AM, Casey DuBois <casey at grlug.org> wrote:
> Hey Guys,
>
> My Yahoo seems to have been hacked by a spambot.
>
> It looks to have started at 7:40 and I got the first copy from myself
> at around 7:43.
> From what I can see it started hitting some heavy bounce/returns about
> that time and may have stopped or got blocked.
> I was able to change my password by 8ish but it looks like the damage
> had been done.
>
> So I changed my password with twice as many numbers letters and am in
> the process of assessing all passwords on all accounts I have.
>
> What else can I do?

Depends on how paranoid you are.

At the most paranoid level:
* If you used that password elsewhere, then you may assume other
accounts with that password were also hacked.
* Reset all of those passwords.
* If those accounts had data in them that would facilitate breaking
into still other accounts or services, address potential compromises
in those, and give them the same treatment and analysis.

At a moderate level:
* Change all your passwords to something like the result of "dd
if=/dev/urandom bs=10 count=1|base64", if you *really* want to avoid
dictionary attacks on your passwords in the future. Otherwise, come up
with a personal system that allows you to recall the password based on
some property of the account (this latter is what I do; I have a
different password on every system I touch)

You might want to see if you can close up and lock out accounts you
don't use any more.

-- 
:wq

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.