This Blog Is Not For Reading

A blog, just like any blog, only more so

  • Subscribe

  • Categories

  • RSS Bob Jonkman’s Microblog

    • New note by bobjonkman 19 May 2022
      I've had all my clocks and watches on 24hr time ever since...
    • New note by bobjonkman 19 May 2022
      When I was a young pup, just started my first job. Woke up at 4:30 one day, panicked, "I've slept through the whole day, I'll get fired!!" It was 4:30am, of course. Don't recall if I got back to sleep or not.
    • bobjonkman repeated a notice by lnxw48a1 19 May 2022
      RT @lnxw48a1 I woke up around 02:45, thinking it was 07:45. Before 03:00, I realized it wasn’t time to get up. I still really feel the lack of #sleep 💤.
    • Favorite 19 May 2022
      bobjonkman favorited something by lnxw48a1: I woke up around 02:45, thinking it was 07:45. Before 03:00, I realized it wasn’t time to get up. I still really feel the lack of #sleep 💤.
    • New note by bobjonkman 14 May 2022
      "A Supreme Court that doesn't give a damn what the public wants ... is exactly what a Supreme Court is for, actually." True enough. But elected representatives in government *are* supposed to do what people want, that's why they get elected. If they had fulfilled their obligations to actually represent the citizens' wants then the […]
    • bobjonkman repeated a notice by clacke 14 May 2022
      RT @clacke People, not all people but most people, are angry about the wrong thing. I agree that Roe v Wade being canceled is a bad outcome. I agree that women should have the right to their bodies, but here's my possibly unpopular take: A Supreme Court that doesn't give a damn what the public […]
    • New note by bobjonkman 12 May 2022
      It's the middle of May, I'm sitting outside in 28C weather, just 100km west of Toronto, and the Leafs are *still* playing hockey?
    • bobjonkman repeated a notice by guizzy 12 May 2022
      RT @guizzy @vriska I would wait before celebrating just yet. Never underestimate the Leafs ability to snatch defeat from the jaws of victory.
    • New note by bobjonkman 12 May 2022
      It seems the state-of-the-art for autonomous vehicles is worse than I thought. Still, with the number of bad drivers on the road now, replacing them with bad robocars is still likely to be an improvement.
    • bobjonkman repeated a notice by geniusmusing 12 May 2022
      RT @geniusmusing @lnxw48a1 @bobjonkman They are still not ready or someone had interfered with their learning... :P Cars With Active Driving Assistance Tech Crash During AAA Test https://gizmodo.com/tesla-active-driving-assistance-autonomous-cars-aaa-1848916830 >Despite lofty performance promises from carmakers seeking an autonomous future, recent testing from AAA revealed “inconsistent performance” with more basic active driving assistance (ADA) that resulted in […]

Archive for the 'spam' Category

Charming comment spam

Posted by Bob Jonkman on 6th July 2012

Smoke curls up

Genie in the bottle

This blog may not have many readers who leave comments, but it sure does have a lot of commenters who leave spam! Still, I make sure to go through the list of pending comments in case there’s a real one in there. Today, I came across one comment that was obviously spam, but charming with its fractured English and a punch line I hadn’t heard before:

AftequeAlew:
A houseman was walking on the beach harmonious day and he bring about a bottle half buried in the sand. He irrefutable to provide it. Stomach was a genie. The genie said,” I resolve agree to you three wishes and three wishes only.” The gentleman prospect there his beginning demand and decided, “I think I be deficient in 1 million dollars transferred to a Swiss bank account. POOF! Next he wished after a Ferrari red in color. POOF! There was the transport sitting in van of him. He asked in search his settled hanker, ” I wish I was irresistible to women.” POOF! He turned into a box of chocolates.

Genie in the bottle by zenoka is used under a CC BY-NC 2.0CC BY-NC 2.0 license.

Tags: , , , , , , ,
Posted in blogging, spam | 3 Comments »

What to do about compromised Hotmail passwords

Posted by Bob Jonkman on 18th November 2010

autoroute à emails

autoroute à emails by Biscarotte

I administer a number of e-mail systems, and I’ve been seeing a lot of spam coming from Hotmail accounts recently. And both friends and clients have been telling me that it’s not them who are sending spam from Hotmail (and ending up in my e-mail systems), their accounts have been hacked. One person asked me:

Is it just Hotmail? What else could I use? Can’t I just change my password?

Changing passwords is only an effective solution if the account was compromised by social engineering, eg. the legitimate user giving out the password in a phishing attempt or other direct means, or if a simple password was guessed or cracked.

There is evidence that Hotmail and Yahoo’s password recovery mechanism is flawed (eg. the Sarah Palin breach), so that malusers can acquire a new password for an account. I don’t think this is happening, because victims are not reporting being locked out of their accounts. Of course, if the service merely sends out the current password then this may be what is happening, and no amount of password complexity will protect the account.

If the passwords were compromised by an automated password cracker then I would expect only simple passwords to be breached, and accounts with strong passwords would be safe. I do not know what kind of passwords were in use by the people who have compromised accounts, but it is likely they were simple passwords.

While I have no evidence, I think the current rash of breaches is due to a more systematic attack by URL munging, or fuzzing the inputs on a POST request, or some other attack vector. These attacks do not require an authenticated login, and in that case no amount of password complexity will provide security either.

I haven’t heard of similar compromised accounts in Gmail, so that may be a suitable alternative for now. I’ve been recommending that people use the mail accounts provided by their ISPs, largely so that they can make use of the ISP’s technical support if their accounts do get compromised. And, of course, if they’re paying their ISP for a mail account then there may be immunity from liability (“My mail account was compromised and I was paying my ISP for security, so all this spam is their fault”).

–Bob.

Update 5 Feb 2012: I retract the first sentence in the last paragraph. E-mail Administrator friends have been telling me that Google Mail is just as vulnerable as Hotmail and Yahoo. Having just read “Hacked!” in The Atlantic I’m convinced the problem of compromised mail accounts is worse than I thought, and that no online providers (especially the “free” ones) adequately protect the e-mail of their users.

autoroute à emails by Biscarotte is used under a Creative Commons by-sa-v2.0 license.

Tags: , , , , , , , , , , , ,
Posted in email, Internet, spam | 1 Comment »

 
Better Tag Cloud