<div dir="ltr"><div dir="ltr"><div dir="ltr">Michael, thanks for the page of Firefox safety links.</div><div dir="ltr"><br></div><div dir="ltr">One of the "safety links" is <a href="https://monitor.firefox.com/">https://monitor.firefox.com/</a></div><div dir="ltr"><br></div><div>When I entered one of my email addresses at the above page, the report indicated my email address and data were exposed in two events:</div><div>(1) Apollo and (2) Linux Forums. Here is a link to a Wired article about Apollo <a href="https://www.wired.com/story/apollo-breach-linkedin-salesforce-data/">https://www.wired.com/story/apollo-breach-linkedin-salesforce-data/</a>, <br></div><div>and below is the report from Firefox</div><div><br></div><div>
<div id="gmail-content-wrap" class="gmail-content-wrap">
<div id="gmail-confirm-your-account" class="gmail-modal-content gmail-confirm-your-account">
<div class="gmail-modal-content-wrap">
</div></div></div><div class="gmail-confirm-your-account-icon">
</div>
<div class="gmail-modal-content-wrap">
</div>
<div class="gmail-input-group">
<input id="gmail-subscribe-email-input" class="gmail-input-group-field" type="email" name="email">
</div>
<input id="gmail-additional-emails-checkbox" type="checkbox" name="additional-emails" value="additional-emails">
<div class="gmail-half">
<a class="gmail-wrap-row" href="https://monitor.firefox.com/">
<h1><span class="gmail-demi">Firefox</span> Monitor</h1>
</a>
</div>
<div class="gmail-half gmail-social_container">
<ul class="gmail-social-media-sharing-buttons gmail-stack"><li>
<a class="gmail-facebook" href="https://www.facebook.com/sharer/sharer.php?u=https://monitor.firefox.com" target="_blank" rel="noopener noreferrer">
<span>Share</span>
</a>
</li><li>
<a class="gmail-twitter" href="https://twitter.com/intent/tweet?url=https://monitor.firefox.com" target="_blank" rel="noopener noreferrer">
<span>Tweet</span>
</a>
</li></ul>
</div>
<div class="gmail-section-wrapper gmail-breach-container">
<h3 id="gmail-found-breaches" class="gmail-section-headline">Your information was part of a data breach.</h3>
<p>Accounts associated with your email address appeared in the following 2 breaches.</p>
<div class="gmail-compromised-accounts">
<div class="gmail-section-wrapper">
<div class="gmail-half gmail-listings">
<div class="gmail-account gmail-wrap-row">
<div class="gmail-image-wrap">
</div></div></div></div></div></div><div class="gmail-half gmail-listings"><div class="gmail-account gmail-wrap-row"><div class="gmail-image-wrap">
</div>
<div class="gmail-breach-info-wrap">
<h4 class="gmail-medium">Apollo</h4>
<span class="gmail-breach-info"><span class="gmail-medium">Breach date:</span>July 23, 2018</span>
<span class="gmail-breach-info"><span class="gmail-medium">Compromised accounts:</span>125,929,660</span>
<span class="gmail-breach-info"><span class="gmail-medium">Compromised data:</span>Email addresses, Employers, Geographic locations, Job titles, Names, Phone numbers, Salutations, Social media profiles</span>
</div>
</div>
</div>
<div class="gmail-half gmail-listings">
<div class="gmail-account gmail-wrap-row">
<div class="gmail-image-wrap">
</div></div></div><div class="gmail-section-wrapper gmail-breach-container"><div class="gmail-compromised-accounts"><div class="gmail-section-wrapper"><div class="gmail-half gmail-listings"><div class="gmail-account gmail-wrap-row"><div class="gmail-image-wrap">
</div>
<div class="gmail-breach-info-wrap">
<h4 class="gmail-medium">Linux Forums</h4>
<span class="gmail-breach-info"><span class="gmail-medium">Breach date:</span>May 1, 2018</span>
<span class="gmail-breach-info"><span class="gmail-medium">Compromised accounts:</span>275,785</span>
<span class="gmail-breach-info"><span class="gmail-medium">Compromised data:</span>Email addresses, IP addresses, Passwords, Usernames</span>
</div>
</div>
</div>
<div class="gmail-whole gmail-align-left">
<span class="gmail-source-info">
Breach data provided by <a id="gmail-hibp-link" href="https://www.haveibeenpwned.com" target="_blank" rel="noopener noreferrer">Have I Been Pwned</a>
</span>
</div>
</div>
</div>
</div>
<div id="gmail-sign-up-banner" class="gmail-banner">
<div class="gmail-section-wrapper">
<div class="gmail-fourth gmail-subscribe-icon-wrapper">
</div>
<div class="gmail-half">
<h2 class="gmail-medium gmail-secondary-title">Sign up for Firefox Monitor alerts.</h2>
<p class="gmail-demi">Your detailed <span class="gmail-nowrap">Firefox Monitor</span> report shows if information from your online accounts has been leaked or stolen.
We’ll also alert you if your accounts appear in new website breaches.</p>
</div>
<div class="gmail-fourth">
</div></div></div>
<div class="gmail-section-wrapper gmail-drop-shadow">
<h3 class="gmail-whole gmail-section-headline">What to do when your information is exposed in a data breach.</h3>
<div class="gmail-half">
<div class="gmail-num-icon">
</div></div></div><div class="gmail-half"><div class="gmail-num-icon">
</div>
<div class="gmail-wrap-col">
<p class="gmail-medium">Change your passwords, even for old accounts.</p>
<p>If you can’t log in, contact the website to ask how to update it.
See an account you don’t recognize? Your data could have been sold
or redistributed. This could also be an account you forgot you
created or a company that changed names.</p>
</div>
</div>
<div class="gmail-half">
<div class="gmail-num-icon">
</div></div><div class="gmail-half"><div class="gmail-num-icon">
</div>
<div class="gmail-wrap-col">
<p class="gmail-medium">Stop using the exposed password, and change it everywhere you’ve used it.</p>
<p>Hackers may try to use that same password and your email to get in to other accounts.
Create a different and unique password for every account, especially for your bank account,
email, and other websites where you save personal information.</p>
</div>
</div>
<div class="gmail-half">
<div class="gmail-num-icon">
</div></div><div class="gmail-half"><div class="gmail-num-icon">
</div>
<div class="gmail-wrap-col">
<p class="gmail-medium">Take extra steps to secure your financial accounts.</p>
<p>Most breaches only expose emails and passwords, but some do include sensitive financial information.
If your bank account or credit card numbers were exposed, alert your bank to possible fraud.
Monitor statements for charges you don’t recognize.</p>
</div>
</div>
<div class="gmail-half">
<div class="gmail-num-icon">
</div></div><div id="gmail-what-to-do" class="gmail-"><div class="gmail-section-wrapper gmail-drop-shadow"><div class="gmail-half"><div class="gmail-num-icon">
</div>
<div class="gmail-wrap-col">
<p class="gmail-medium">Get help remembering all your passwords and keeping them safe.</p>
<p>Password managers like 1Password, LastPass, Dashlane, and Bitwarden store your
passwords securely and fill them into websites for you. Use a password manager
on your phone and computer so you don’t have to remember them all.</p>
</div>
</div>
</div>
</div>
<div class="gmail-section-wrapper">
<div class="gmail-half">
<span class="gmail-section-headline">Scan Another Email Address</span>
<form id="gmail-scan-user-email" class="email-scan gmail-form-group" action="/scan" method="post">
<div class="gmail-input-group">
<input id="gmail-scan-email" class="gmail-input-group-field email-to-hash" type="email" name="email" tabindex="0">
<span id="gmail-invalid-email-message" class="error-message">Must be a valid email.</span>
</div>
<div class="gmail-input-group-button">
</div></form></div></div>
<div id="gmail-content-wrap" class="gmail-content-wrap"><div class="gmail-section-wrapper"><div class="gmail-half"><span class="gmail-privacy-policy">Your email will not be stored.</span>
</div>
</div>
</div>
<div class="gmail-section-wrapper">
<div class="gmail-third">
<a class="gmail-footer-logo-wrapper" href="https://www.mozilla.org/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link" target="_blank" rel="noopener">
</a>
</div>
<ul class="gmail-third"><li>Support</li><li><a href="https://blog.mozilla.org/security/2018/11/14/when-does-firefox-alert-for-breached-sites" target="_blank" rel="noopener">About Firefox Alerts</a></li><li><a href="https://qsurvey.mozilla.com/s3/Firefox-Monitor-Feedback" target="_blank" rel="noopener">Give Feedback</a></li><li><a href="https://www.mozilla.org/privacy/firefox-monitor/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link" target="_blank" rel="noopener">Terms and Privacy</a></li><li><a href="https://github.com/mozilla/blurts-server/" target="_blank" rel="noopener noreferrer">
</a><br></li></ul>
<ul class="gmail-third"><li>Firefox</li><li><a href="https://www.mozilla.org/firefox/new/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link" target="_blank" rel="noopener">Download Firefox Quantum</a></li><li><a href="https://www.mozilla.org/firefox/mobile/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link" target="_blank" rel="noopener">Download Firefox Mobile</a></li><li><a href="https://www.mozilla.org/firefox/features/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link" target="_blank" rel="noopener">Features</a></li><li><a href="https://www.mozilla.org/firefox/channel/desktop/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link" target="_blank" rel="noopener">Beta, Nightly, Developer Edition</a></li></ul>
</div>
<div class="gmail-section-wrapper">
<div class="gmail-two-thirds gmail-copyright-info">
<p class="gmail-copyright-info">
Portions of this content are © 1999-2019 by individual <a href="http://mozilla.org">mozilla.org</a> contributors.
<a href="https://www.mozilla.org/foundation/licensing/website-content/" target="_blank" rel="noopener">
Content available under a Creative Commons license.
</a>
</p>
</div>
</div>
</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 26, 2019 at 10:32 PM Michael Paoli <<a href="mailto:Michael.Paoli@cal.berkeley.edu">Michael.Paoli@cal.berkeley.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> From: "Rick Moen" <<a href="mailto:rick@linuxmafia.com" target="_blank">rick@linuxmafia.com</a>><br>
> Subject: Re: [sf-lug] Safer Browsing<br>
> Date: Tue, 26 Feb 2019 15:52:09 -0800<br>
<br>
<br>
> I wasn't going to say anything, but posting links like<br>
> "<a href="http://links.nordvpn.com/u/click?_t=f675640029a34d1f9a5b14c05f06483a&_m=f7d48b5add0a43e081be8227eb53f86b&_e=KbL78jwVf3VoQqu1p9r-iuC8Dv9p9cjBePJhdwYDe9W3FQ-f-A8LwNNhy8no6r92iAUD2VXkkK2h2ehyhEGn0Z_h3VCxfdF0GHt_M2jFscrLh5r1RsAbrzQI6FGP30i4jtt1wp7ZDc3IoSqZbOdKjoYZlAHKcy_uTCvRDaDmLB7swsT8qtm63TWAn4UA2w6F6IaYFts40cYa4LfnUBo6BI4FPr7bSARtBkHwxhaJRAa0Sa-FplHke-WTAF-kcq7p3fzcbykia7kFgKfp3BoH6gvXn-61yEfN2Za7y_yOorhrN0-5_xspAO-JtynWPTkPNnWCQVwbgG_RvClfXBwD4aWyGvr5PU3XCvLl-IyVmkc%3D" rel="noreferrer" target="_blank">http://links.nordvpn.com/u/click?_t=f675640029a34d1f9a5b14c05f06483a&_m=f7d48b5add0a43e081be8227eb53f86b&_e=KbL78jwVf3VoQqu1p9r-iuC8Dv9p9cjBePJhdwYDe9W3FQ-f-A8LwNNhy8no6r92iAUD2VXkkK2h2ehyhEGn0Z_h3VCxfdF0GHt_M2jFscrLh5r1RsAbrzQI6FGP30i4jtt1wp7ZDc3IoSqZbOdKjoYZlAHKcy_uTCvRDaDmLB7swsT8qtm63TWAn4UA2w6F6IaYFts40cYa4LfnUBo6BI4FPr7bSARtBkHwxhaJRAa0Sa-FplHke-WTAF-kcq7p3fzcbykia7kFgKfp3BoH6gvXn-61yEfN2Za7y_yOorhrN0-5_xspAO-JtynWPTkPNnWCQVwbgG_RvClfXBwD4aWyGvr5PU3XCvLl-IyVmkc%3D</a>"<br>
> in a posting about "tools for security and privacy online"<br>
> did strike me as ironic in the extreme.<br>
<br>
Yum, look at all those tracking bits! <cough, cough>:<br>
$ curl -I <br>
'<a href="http://links.nordvpn.com/u/click?_t=f675640029a34d1f9a5b14c05f06483a&_m=f7d48b5add0a43e081be8227eb53f86b&_e=KbL78jwVf3VoQqu1p9r-iuC8Dv9p9cjBePJhdwYDe9W3FQ-f-A8LwNNhy8no6r92iAUD2VXkkK2h2ehyhEGn0Z_h3VCxfdF0GHt_M2jFscrLh5r1RsAbrzQI6FGP30i4jtt1wp7ZDc3IoSqZbOdKjoYZlAHKcy_uTCvRDaDmLB7swsT8qtm63TWAn4UA2w6F6IaYFts40cYa4LfnUBo6BI4FPr7bSARtBkHwxhaJRAa0Sa-FplHke-WTAF-kcq7p3fzcbykia7kFgKfp3BoH6gvXn-61yEfN2Za7y_yOorhrN0-5_xspAO-JtynWPTkPNnWCQVwbgG_RvClfXBwD4aWyGvr5PU3XCvLl-IyVmkc%3D" rel="noreferrer" target="_blank">http://links.nordvpn.com/u/click?_t=f675640029a34d1f9a5b14c05f06483a&_m=f7d48b5add0a43e081be8227eb53f86b&_e=KbL78jwVf3VoQqu1p9r-iuC8Dv9p9cjBePJhdwYDe9W3FQ-f-A8LwNNhy8no6r92iAUD2VXkkK2h2ehyhEGn0Z_h3VCxfdF0GHt_M2jFscrLh5r1RsAbrzQI6FGP30i4jtt1wp7ZDc3IoSqZbOdKjoYZlAHKcy_uTCvRDaDmLB7swsT8qtm63TWAn4UA2w6F6IaYFts40cYa4LfnUBo6BI4FPr7bSARtBkHwxhaJRAa0Sa-FplHke-WTAF-kcq7p3fzcbykia7kFgKfp3BoH6gvXn-61yEfN2Za7y_yOorhrN0-5_xspAO-JtynWPTkPNnWCQVwbgG_RvClfXBwD4aWyGvr5PU3XCvLl-IyVmkc%3D</a>'<br>
HTTP/1.1 303 See Other<br>
Date: Wed, 27 Feb 2019 06:21:32 GMT<br>
Content-Length: 0<br>
Connection: keep-alive<br>
Server: openresty/<a href="http://1.13.6.2" rel="noreferrer" target="_blank">1.13.6.2</a><br>
Vary: Origin<br>
Location: <br>
<a href="https://www.mozilla.org?utm_source=SecurityTips&utm_medium=email&utm_campaign=2internetbrowsers_allSet-Cookie" rel="noreferrer" target="_blank">https://www.mozilla.org?utm_source=SecurityTips&utm_medium=email&utm_campaign=2internetbrowsers_all<br>
Set-Cookie</a>: iterableEndUserId=seameadowlake%<a href="http://40gmail.com" rel="noreferrer" target="_blank">40gmail.com</a>; <br>
Max-Age=31536000; Expires=Thu, 27 Feb 2020 06:21:32 GMT; Path=/; <br>
Domain=.<a href="http://nordvpn.com" rel="noreferrer" target="_blank">nordvpn.com</a><br>
Set-Cookie: iterableEmailCampaignId=503620; Max-Age=86400; <br>
Expires=Thu, 28 Feb 2019 06:21:32 GMT; Path=/; Domain=.<a href="http://nordvpn.com" rel="noreferrer" target="_blank">nordvpn.com</a><br>
Set-Cookie: iterableTemplateId=712942; Max-Age=86400; Expires=Thu, 28 <br>
Feb 2019 06:21:32 GMT; Path=/; Domain=.<a href="http://nordvpn.com" rel="noreferrer" target="_blank">nordvpn.com</a><br>
Set-Cookie: iterableMessageId=f7d48b5add0a43e081be8227eb53f86b; <br>
Max-Age=86400; Expires=Thu, 28 Feb 2019 06:21:32 GMT; Path=/; <br>
Domain=.<a href="http://nordvpn.com" rel="noreferrer" target="_blank">nordvpn.com</a><br>
Set-Cookie: <br>
XSRF-TOKEN=96d7d0b0d4e29af9971a7a12c5802c98f2021d01-1551248492791-707c198a644a9cd89a2d00bc; <br>
Path=/<br>
Request-Time: 4<br>
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin<br>
X-Frame-Options: sameorigin<br>
X-XSS-Protection: 1; mode=block<br>
X-Content-Type-Options: nosniff<br>
X-Permitted-Cross-Domain-Policies: master-only<br>
Content-Security-Policy-Report-Only: ; report-uri <br>
<a href="https://sentry.io/api/22065/security/?sentry_key=d6d9333ad25747ba8107e7681de79ec4" rel="noreferrer" target="_blank">https://sentry.io/api/22065/security/?sentry_key=d6d9333ad25747ba8107e7681de79ec4</a><br>
<br>
$<br>
<br>
Ooooh, and http, so it can go across in the clear, so it can be<br>
sniffed, manipulated, ...<br>
<br>
So ... I think perhaps somebody meant to say:<br>
<a href="https://www.mozilla.org?utm_source=SecurityTips&utm_medium=email&utm_campaign=2internetbrowsers_all" rel="noreferrer" target="_blank">https://www.mozilla.org?utm_source=SecurityTips&utm_medium=email&utm_campaign=2internetbrowsers_all</a><br>
<br>
<br>
_______________________________________________<br>
sf-lug mailing list<br>
<a href="mailto:sf-lug@linuxmafia.com" target="_blank">sf-lug@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer" target="_blank">http://www.sf-lug.org/</a> <br>
</blockquote></div>