• Recent Posts

  • #SysAdminDay Dinner, Friday 26 July 2019
  • #SysAdminDay Dinner 2018 at Abe Erb in Kitchener
  • How To Create an Encrypted Drive in a File Container
  • Pictures of #SysAdminDay Dinner 2017 at @Abe_Erb
  • Planning #SysAdminDay Dinner
  • Auto-Type Keywords for KeepassX
  • Electoral Reform — My Submission to the #ERRE Committee
  • #SysAdminDay 2016 Pictures
  • System Administrator Appreciation Day Dinner — 29 July 2016
  • System Administrator Appreciation Day Dinner, 31 July 2015

• Past entries

  • July 2019 (1)
  • July 2018 (1)
  • October 2017 (1)
  • August 2017 (1)
  • June 2017 (1)
  • November 2016 (1)
  • October 2016 (1)
  • July 2016 (2)
  • July 2015 (1)
  • March 2015 (1)
  • January 2015 (1)
  • July 2014 (2)
  • May 2014 (1)
  • April 2014 (1)
  • March 2014 (1)
  • February 2014 (2)
  • November 2013 (2)
  • October 2013 (3)
  • September 2013 (1)
  • May 2013 (1)
  • April 2013 (1)
  • March 2013 (1)
  • February 2013 (1)
  • January 2013 (1)
  • November 2012 (2)
  • October 2012 (5)
  • August 2012 (1)
  • July 2012 (3)
  • June 2012 (1)
  • May 2012 (2)
  • April 2012 (2)
  • March 2012 (1)
  • November 2011 (2)
  • October 2011 (2)
  • June 2011 (2)
  • December 2010 (2)
  • November 2010 (1)
  • April 2010 (1)
  • March 2010 (1)
  • December 2009 (1)
  • November 2009 (2)
  • October 2009 (2)
  • September 2009 (2)
  • August 2009 (1)
  • April 2009 (1)
  • March 2009 (1)
  • December 2008 (5)

• Subscribe

  • Entries (RSS)
  • Comments (RSS)

• Blogroll

  • PoliBlog Bob Jonkman discusses politics
  • Stop The Stink In Elmira For those who are opposed to the location of the Proposed “Waste Disposal Facility” that Bio-En Inc. wants to build in Elmira, Ontario, Canada.
  • WatCamp Tech events in Waterloo Region

• Categories

  Categories Select Category Accessibility  (1) Bell Canada  (3) Big media  (3) blogging  (6) Business  (2) Calendars and Schedules  (1) Christmas  (1) code  (8)    pseudocode  (1)    valid html  (4) considered harmful  (9) copyright  (5)    copyright consultation  (2) CRTC  (3) Crypto  (5) dnsbl  (2) drm  (2) dslreports  (2) ebooks  (2)    kindle  (1) email  (3) Events  (9) feedback  (1) filesharing  (4) Google  (5)    Google Free  (4) green  (1) groupwise  (3)    gwcheck support options  (2)    gwcheck.com  (1) Hardware  (1) How To  (2) Internet  (9) Javascript  (1) Jesse Brown’s Search Engine  (2) journalism  (3)    newspapers  (2) music  (3) Net Neutrality  (3)    Deep Packet Inspection  (1) Open Data  (4) Operating System  (13)    GNU/Linux  (9)    Microsoft Windows  (2)    Novell Netware  (1)    Ubuntu  (7) Politics  (2) port blocking  (1) privacy  (9)    PGP/GPG  (4) Rogers  (1) Search Engine Optimization  (1) search engines  (2) security  (8) smtp  (2) Social Media  (2)    Microblogging  (2) Software  (12)    FLOSS  (11) spam  (2) Style  (1) System Administration  (13) teksavvy  (2) telephone  (1) tree  (1) Uncategorized  (2) usage based billing  (3) User Groups  (7)    KWLUG  (7)

• Bob Jonkman’s Microblog

  • bobjonkman repeated a notice by feld 29 January 2020
    RT @feld @mewmew @er1n If your goal is to be hidden from search engines you'll have things like valuable technical discussions lost forever. Yes you deserve the right to be forgotten. Yes you deserve to be anonymous if you want to be. Yes you deserve ownership and control over your data as much as is […]
  • Favorite 29 January 2020
    bobjonkman favorited something by feld: @mewmew @er1n If your goal is to be hidden from search engines you'll have things like valuable technical discussions lost forever.Yes you deserve the right to be forgotten.Yes you deserve to be anonymous if you want to be.Yes you deserve ownership and control over your data as much as is […]
  • New note by bobjonkman 11 December 2019
    Did you get the job?
  • bobjonkman repeated a notice by silverwizard 11 December 2019
    RT @silverwizard ♲ @anthonyvclark20@twitter.com: I am 100% against private Prisons Schools Utilities Healthcare Law enforcement Military Waste collection Water Internet Transportation systems Etc. Privatization continues to fail the public interest
  • Favorite 11 December 2019
    bobjonkman favorited something by silverwizard: ♲ @anthonyvclark20@twitter.com: I am 100% against private PrisonsSchoolsUtilities Healthcare Law enforcement Military Waste collection WaterInternet Transportation systems Etc.Privatization continues to fail the public interest
  • New note by bobjonkman 11 December 2019
    My computer already holds my coffee. Usually in a mug. Sometimes in the keyboard.
  • New note by bobjonkman 2 December 2019
    Don't worry about it. I know that's not really helpful advice, but I've had experiences like this too. I think of it as "the wheels falling off". I suspect everyone has these times, but most people won't admit it. An uplifting aphorism I heard in a movie: "It will all be alright in the end. […]
  • New note by bobjonkman 2 December 2019
    These all need illustrations for the box covers.
  • bobjonkman repeated a notice by nev 30 November 2019
    RT @nev i'm well aware canada's healthcare system is vastly inadequate, but just imagine if the housing system were anywhere near what the healthcare system was like. for-profit housing should be as obscene as for-profit healthcare. flipping houses should be seen as as unethical as hiking up insulin prices.
  • Favorite 30 November 2019
    bobjonkman favorited something by nev: i'm well aware canada's healthcare system is vastly inadequate, but just imagine if the housing system were anywhere near what the healthcare system was like. for-profit housing should be as obscene as for-profit healthcare. flipping houses should be seen as as unethical as hiking up insulin prices.

Archive for the 'spam' Category

Charming comment spam

Posted by Bob Jonkman on 6th July 2012

Genie in the bottle

This blog may not have many readers who leave comments, but it sure does have a lot of commenters who leave spam! Still, I make sure to go through the list of pending comments in case there’s a real one in there. Today, I came across one comment that was obviously spam, but charming with its fractured English and a punch line I hadn’t heard before:

AftequeAlew:
A houseman was walking on the beach harmonious day and he bring about a bottle half buried in the sand. He irrefutable to provide it. Stomach was a genie. The genie said,” I resolve agree to you three wishes and three wishes only.” The gentleman prospect there his beginning demand and decided, “I think I be deficient in 1 million dollars transferred to a Swiss bank account. POOF! Next he wished after a Ferrari red in color. POOF! There was the transport sitting in van of him. He asked in search his settled hanker, ” I wish I was irresistible to women.” POOF! He turned into a box of chocolates.

Genie in the bottle by zenoka is used under a CC BY-NC 2.0 license.

Tags: blog, charming, commenters, comments, fractured English, pending, readers, spam
Posted in blogging, spam | 3 Comments »

What to do about compromised Hotmail passwords

Posted by Bob Jonkman on 18th November 2010

autoroute à emails by Biscarotte

I administer a number of e-mail systems, and I’ve been seeing a lot of spam coming from Hotmail accounts recently. And both friends and clients have been telling me that it’s not them who are sending spam from Hotmail (and ending up in my e-mail systems), their accounts have been hacked. One person asked me:

Is it just Hotmail? What else could I use? Can’t I just change my password?

Changing passwords is only an effective solution if the account was compromised by social engineering, eg. the legitimate user giving out the password in a phishing attempt or other direct means, or if a simple password was guessed or cracked.

There is evidence that Hotmail and Yahoo’s password recovery mechanism is flawed (eg. the Sarah Palin breach), so that malusers can acquire a new password for an account. I don’t think this is happening, because victims are not reporting being locked out of their accounts. Of course, if the service merely sends out the current password then this may be what is happening, and no amount of password complexity will protect the account.

If the passwords were compromised by an automated password cracker then I would expect only simple passwords to be breached, and accounts with strong passwords would be safe. I do not know what kind of passwords were in use by the people who have compromised accounts, but it is likely they were simple passwords.

While I have no evidence, I think the current rash of breaches is due to a more systematic attack by URL munging, or fuzzing the inputs on a POST request, or some other attack vector. These attacks do not require an authenticated login, and in that case no amount of password complexity will provide security either.

I haven’t heard of similar compromised accounts in Gmail, so that may be a suitable alternative for now. I’ve been recommending that people use the mail accounts provided by their ISPs, largely so that they can make use of the ISP’s technical support if their accounts do get compromised. And, of course, if they’re paying their ISP for a mail account then there may be immunity from liability (“My mail account was compromised and I was paying my ISP for security, so all this spam is their fault”).

–Bob.

Update 5 Feb 2012: I retract the first sentence in the last paragraph. E-mail Administrator friends have been telling me that Google Mail is just as vulnerable as Hotmail and Yahoo. Having just read “Hacked!” in The Atlantic I’m convinced the problem of compromised mail accounts is worse than I thought, and that no online providers (especially the “free” ones) adequately protect the e-mail of their users.

autoroute à emails by Biscarotte is used under a Creative Commons by-sa-v2.0 license.

Tags: breach, complexity, compromised, email, gmail, hotmail, malusers, malware, password, Sarah Palin, social engineering, spam, yahoo mail
Posted in email, Internet, spam | 1 Comment »