Re: [OT] Has my e-mail account been hacked?

To: debian-user@lists.debian.org
Subject: Re: [OT] Has my e-mail account been hacked?
From: Andrew McGlashan <andrew.mcglashan@affinityvision.com.au>
Date: Wed, 14 Oct 2015 02:22:34 +1100
Message-id: <[🔎] 561D21BA.9070908@affinityvision.com.au>
In-reply-to: <[🔎] 20151013081521.GU4908@well-adjusted.de>
References: <[🔎] 1667908699.49175606.1444661022955.JavaMail.zimbra@wowway.com> <[🔎] 561BCA45.9060505@craneworks.de> <[🔎] 561C1DB1.8060901@longlandclan.id.au> <[🔎] 1539111333.49518996.1444694339269.JavaMail.zimbra@wowway.com> <[🔎] 561C8A57.1060704@longlandclan.id.au> <[🔎] 20151013081521.GU4908@well-adjusted.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 13/10/2015 7:15 PM, Jochen Spieker wrote:
> Stuart Longland: I had a similar case on my self-administered mail
> host. A friend of mine has an account there and random hosts from
> all over the world used his credentials to send legitimately
> looking spam. We never found out how this happened but changing the
> password was enough to make it stop.

Odds on it was open WiFi somewhere, people trust public WiFi ... I
cannot understand why.  It is patently stupid [or ignorant at best] to
use public [or otherwise open] WiFi -- if you don't run it yourself or
you totally trust the person whom is running it, then leave it alone.

Linus had quite a fit over OpenSuSE handling of WiFi networks; it was
asking for root password to enable the WiFi (amongst other things) --
that I think is absolutely the right way to do this.  Admins should
allow network access specifically, not ordinary users, let alone
Linus' daughter whom otherwise should never need to know the root
password.

Of course, using VPN for everything and I do mean everything on an
untrusted WiFi /may/ help, but you better not be running an insecure
VPN like PPTP.

Cheers
A.

[1] https://plus.google.com/+LinusTorvalds/posts/1vyfmNCYpi5
 - and related write up about retiring kernel devs as a bonus:
    http://fossforce.com/2015/10/good-software-bad-behavior/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlYdIbcACgkQqBZry7fv4vsOEAEAm9v7mwybNM05hKATeTr09Bgi
DET56kiMt89R6DXOalABAJetGdpSh9ee5Rz1LiOqBgC+MV/i+HVRDR/TiSKkgC4K
=2WiA
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: [OT] Has my e-mail account been hacked?
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Has my e-mail account been hacked?
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: [OT] Has my e-mail account been hacked?
  - From: Stephen Powell <zlinuxman@wowway.com>

References:
- [OT] Has my e-mail account been hacked?
  - From: Stephen Powell <zlinuxman@wowway.com>
- Re: [OT] Has my e-mail account been hacked?
  - From: Florian Pelgrim <florian.pelgrim@craneworks.de>
- Re: [OT] Has my e-mail account been hacked?
  - From: Stuart Longland <stuartl@longlandclan.id.au>
- Re: [OT] Has my e-mail account been hacked?
  - From: Stephen Powell <zlinuxman@wowway.com>
- Re: [OT] Has my e-mail account been hacked?
  - From: Stuart Longland <stuartl@longlandclan.id.au>
- Re: [OT] Has my e-mail account been hacked?
  - From: Jochen Spieker <ml@well-adjusted.de>

Prev by Date: Re: unlisted mirrors & non-gui installation
Next by Date: Re: Unable to Install Stretch on Laptop, not Loading iwlwifi
Previous by thread: Re: [OT] Has my e-mail account been hacked?
Next by thread: Re: [OT] Has my e-mail account been hacked?
Index(es):
- Date
- Thread