[conspire] Fwd: Conspire Hey!

Rick Moen rick at linuxmafia.com
Thu Nov 15 13:38:42 PST 2012

Quoting Adrien Lamothe (alamozzz at yahoo.com):

> check this out [spamvertised URL]

Adrien's Yahoo login credentials were apparently stolen by spamvertising
cretins pushing a work-from-home scam.  I've telephoned him to advise of 
his problem and made sure no further pollution from his subscribed
account is possible pending his cleanup.

I'm also purged that post from the archives.  (It takes ~20 mins
to rebuild archives for a mailing list with 12 years of traffic.)

Popular 'free' webmail services (Yahoo, GMail, Hotmail, etc.) seem
hotbeds of this sort of credential theft, and Yahoo accounts seem
particularly affected.  A propos of that, I notice:

  Report: Half a Million Yahoo User Accounts Exposed in Breach
  By Kim Zetter
  07.12.12, 12:19 PM

Article ends with this valuable reminder:

  The attacks highlight the danger of re-using passwords at different
  websites, as hackers can mine the data and attempt to use the same
  credentials with more sensitive accounts that users may have, such as
  online banking and e-mail accounts.

Personally, I keep my (globally unique and strong) username/password 
data in a PDA, airgapped from the computers and other places I use them,
using this open-source 3DES-encrypted datastore utility for PalmOS:

Other people elect, instead, to use an online computer-workstation-based
encrypted datastore -- which is a defensible choice but faces attack
modes that my airgapped one evades.  Regardless, in either case, the
win is that you are enabled to cease reusing passwords or relying on
weak passwords, as the datastore helps you overcome human memory
limitations that naturally lead people to do dumb things with passwords.

More information about the conspire mailing list