TECHNOLOGY: React to Yahoo Address Book compromise


This is an attack that I’ve seen on many others. It’s basically vectored against your Yahoo address book. It can be either (I’ve seen both): (a) malware on a windoze personal computer; or (b) your Yahoo account is compromised.

(1) Get a backup of your data ASAP. I like lots of copies taken differently.

(2) Add a known unique address like “XYZXYZXYZ _” to your Yahoo address book, one that exists nowhere else, so you can tell when your book is accessed.

(3) Immediately change your Yahoo account password to a 30-character random string like “NFVjviIUAiDipmo3EiYgSQoSdb3XO8”. Read my blog about alpha spammers. Eventually they identify every Yahoo, Gmail, or Hotmail account and then begin to attack them to find out the password. Once discovered, they take over the account, lock you out, and all sorts of mischief ensues. When you’re locked out, it becomes nearly impossible to recapture it.

(4) Run all the various anti-malware packages on your machines until you find the culprit. Sometimes, like XYZXYZXYZ, you find it after only three. Sometimes it takes dozens, but it is there. On rare occasions (2/42), you lose the whole machine and have to do the dreaded “bare metal restore”.
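Steps (2) and (3) above can be scripted. The following is an added example (not code from the original post) that generates a canary address of the kind step (2) describes, generates a 30-character random password of the kind step (3) describes using Python’s `secrets` module, and then scans a constructed batch of message headers to flag any message addressed to the canary. The canary label, the domain `example.com`, and the sample headers are assumptions chosen for the example.

```python
import secrets
import string

# Alphabet for the random password: letters and digits, as in the post's sample.
PASSWORD_ALPHABET = string.ascii_letters + string.digits


def random_password(length: int = 30) -> str:
    """Return a random password drawn with a CSPRNG (step 3 of the post)."""
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def make_canary_address(label: str, domain: str) -> str:
    """Build a canary mailbox that exists nowhere but your address book (step 2).

    The label should be a unique token so that any mail sent to it proves the
    address book was read by someone other than you.
    """
    return f"{label}@{domain}".lower()


def canary_hits(messages: list[dict], canary: str) -> list[int]:
    """Return indices of messages whose To/Cc headers mention the canary.

    `messages` is a list of dicts with header names as keys (constructed here;
    a real run would feed headers pulled from the mailbox).
    """
    canary = canary.lower()
    hits = []
    for i, msg in enumerate(messages):
        recipients = ",".join(msg.get(h, "") for h in ("To", "Cc")).lower()
        if canary in recipients:
            hits.append(i)
    return hits


# Constructed sample: one normal message and one spam run that harvested the
# address book, including the canary (hypothetical headers, not real mail).
CANARY = make_canary_address("xyzxyzxyz_", "example.com")
SAMPLE_MESSAGES = [
    {"To": "me@example.com", "Cc": "", "Subject": "lunch?"},
    {"To": "friend@example.com, XYZXYZXYZ_@example.com", "Cc": "",
     "Subject": "check this out!!"},
    {"To": "me@example.com", "Cc": "other@example.com", "Subject": "invoice"},
]

if __name__ == "__main__":
    print("new password:", random_password())
    print("canary address:", CANARY)
    print("messages that touched the canary:", canary_hits(SAMPLE_MESSAGES, CANARY))
```

The match is case-insensitive because mail clients and spam tooling rewrite address case freely; the canary label itself should be something no autocomplete or mailing list could produce by accident.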

This is an immediate threat to your computing environment. Once the bad guy “discovers” your account, you only have days to react to it. (I imagine the bad guys’ “finding bot” factory discovering accounts, then they turn on the “cracking bot”. Then they turn it over to real people.)


P.S. That’s why I recommend having one’s own domain. It’s not worth attacking. Too sparse a target. And, someone with their own domain probably practices good infosec hygiene.

May I suggest that you have your own domain? The common wisdom, or is that common whizdumb, is to own your own name as a domain name. I own “”. (I like saying “sea sea me at”! will actually work!) It gives one quite a bit of control. And, it’s very cheap. I know three solutions: $15/year using wordpressdotcom with Gmail, $25/year email only with 1and1, and $60/year for domain+email+webspace also at 1and1. My point is not that you should use 1and1. I could care less which one you use. It’s that getting on to your own domain with email is cheap and easy. And, it’s not Hotmail, Yahoo, or Gmail. It IS your own “personal brand”.

FUN? Changing “engineers” isn’t going to change the destination


Pretty funny. Pretty sad. At a time, when you should be thinking about a “life marker” … and pretty dumb. Like picking the other member of the duopoly will make a difference. We need a “game changer”. Because since Lincoln, we’ve been on a runaway train. Changing “engineers” isn’t going to change the destination.

