Hotmail Hack
If you have an e-mail account with Hotmail, MSN, Live, or any other Micro$oft entity, change your password immediately.
Of course, if someone else has seen the list and already visited the control panel and changed the password, you are SOL. Your friends will hate you when they start receiving spam under your e-mail address.
If you use the same name and passwords for other things, change those too, because too many people use only one user name and password for everything.
8 comments
It’s a phishing attack, not a compromise. I even know the vector, it was one of those annoying bogus “verify your account” emails that morons invariably click on. The attacker somehow figured out a way to fool Hotmail’s spam filters into actually putting it into the inbox rather than into the Spam folder (usually they get immediately put into the spam folder, Hotmail’s spam filtering is very good), which undoubtedly helped with fooling people into clicking through it, but really, when will people learn to go directly to the web site in question rather than clicking through links in email?!
The actual details straight from the horse’s mouth, minus the details of why exactly their spam filter failed to route this phishing scam to Spam the way it usually does… Microsoft still believes in security by obscurity. And Santa Claus too, probably.
– Badtux the Security Penguin
My bad, the article said phishing, but I couldn’t believe that there were still so many stupid people on the ‘Net that could be conned by a phishing e-mail.
I disabled launching e-mail links years ago, as well as scripts, etc. because I have relatives who forward things that they think are amusing. I also download and delete from the server all e-mail, unless I’m away from my home base. Web mail is great if you do a lot of traveling and don’t want to schlep along a laptop, but if you work from a static location there’s no need to bog down the server.
I know people still use Outlook and other dangerous practices, but I assumed they would have wised up after years of this crap.
Bryan, never underestimate the stupidity of the American people. President George W. Bush. Twice. ‘Nuff said. (And forget that “but Florida!” “but Ohio!” bit, everybody who didn’t vote in effect voted for GWB because they were saying via their lack of vote, “we don’t mind if GWB becomes President”).
Reminds me of this XKCD flowchart. I’m constantly getting calls from relatives asking me for help with Windows. As you know, I don’t do Windows. I’m a Linux penguin. But I run them through this flowchart, and it works almost all the time. But the Great Penguin forbid if I simply sent them a link to this flowchart, it would be like sending them something written in Urdu. Logical thinking simply is not part of their repertoire.
– Badtux the Geeky Penguin
I am fortunate: my email host (everyone.net, a commercial email host, not to be confused with ev1.net) has a webmail interface that allows one to view the mail source as plain text before it ever reaches your email client s/w. Using that feature, I’ve managed to avoid opening anything pathological in several years. everyone.net ain’t cheap, but it’s the safest email host I’ve seen, and very reliable as well. To borrow Carl Sideoff’s wonderful screen name, sofarsogoo…
Between the Eset scanning, and the settings on Pegasus e-mail software, I can deal with it locally, although building the filters by hand is no fun.
I have tried to work on the MS garbage that comes with Windows, but if you make it really secure, it won’t work. I tell people who insist on using it that they have to be very careful, and can only hope they listen.
phishing? whew, don’t need to change all my gazillion passwords after all.
I keep over-estimating the intelligence of people on the ‘Net. It is a major personal failing.