Feeds

back to article Webmail buggers attack Yahoo!, Hotmail users

The high-profile phishing campaign targeting the private Gmail accounts of government officials and political activists is part of a wider pattern of attacks also targeting Hotmail and Yahoo! Mail, according to net security firm Trend Micro. Trend said that whether or not the attacks were related, they were all aimed towards …

COMMENTS

This topic is closed for new posts.
Big Brother

They really want my spam??

as it is the only thing sent to likes of Yahoo? I'll forward it for them, they just have to ask ;-)

1
0
Silver badge
Linux

Is this largely an IE based attack?

While it is possible the phising attacks are probably quite well crafted, am I right in believing the res:// protocol is a windows/IE only trick?

Another good reason not to use IE at all, even if you are dedicated to using Windows for other reasons?

(And before the trolls come out, yes I know all OS are vulnerable to some degree, more so for Trojans, but indulge me this fanboi-baiting luxury given Windows 99.95%+ share of current malware)

1
1
Pint

no... all browsers capable of running on Windows are vulnerable

You're right about the res:// protocol being a Windows only "feature", but due to the CSS flaw of the bug in question, all browsers that can run on Windows are potentially vulnerable, especially as it exploits a hole in all versions of Adobe Flash.

1
0
Megaphone

Emails with Faked From-Addresses

Re: "The malicious email, which posed as a message from the Facebook security team"

Here at 1USA.Com, our mail servers check to make sure that the From-Address, Mail-From address, Return-Path address and Reply-To address are legitimate for the mail server that's sending the email, and that the IP address of the sending mail server resolves.

As a result, our 1usa.com customers get no spams in their In-Box... unless they invite them in.

There are protocols to determine if an email is legitimate or not. One is called SPF and the other one that's used by Gmail, Hotmail and Yahoo is called Domain Keys.

Just having a Domain Key in the header of an email does not indicate that the email is legitimate though.

1USA.Com has this wonderful mail server that stops spams... but most people would rather go get a 'free' throw-away email account from some other mail server host, then gripe when their bank account is cleaned out. Maybe they need to take Email more seriously... and switch their email service.

BarryZ

1USA.com

Reading PA USA

0
0
This topic is closed for new posts.