Yahoo mail content not secure?

Discussion in 'privacy problems' started by new2security, Aug 25, 2014.

Thread Status:
Not open for further replies.
  1. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    Hi,

    For the past couple of days I've been wondering whether or not Yahoo mail is secure against eavesdropping etc. Reason is, recently I've noticed some emails in the spam folder that are using subject lines that are very very specific ; e.g. containing words that have been used by me in the subject line /and body of email.

    For example; If I write "Blue scissors" & "Yellow Spiders" later I find spam mails with the subject lines; "Blue Scissors" & "Spiders" - of course with a embedded link that either encourages me to download malware or re-direct me to a malware ridden site.

    Obviously, this can't be a coincidence.

    I doubt the account has been hacked but I've changed the password and I'm monitoring if something similar will happen.

    Any idea what might've happened?
     
  2. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Something's up.

    Yahoo mail has never had the best security: http://www.forbes.com/sites/jameslyne/2014/01/31/yahoo-hacked-and-how-to-protect-your-passwords/
    You could of easily been napped in one of the old breaches, or even from another breach if you use the same password on all your accounts. If you changed the password (with a good password https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html ) and your current system is clean from malware, you shouldn't be getting any more spam with words you've used yourself. You'll probably still get spam of some sort though, I'd think your email is already setup to get more spam at this point.

    I'd abandon that email address if you can (just give all your contacts your new adress) and switch to any of these: http://prxbx.com/email/ Then just watch that yahoo address to see if you still get any weird spam emails.

    You can always shoot over any of the malware spam email links to the AV providers so some good will come of it. See: http://www.techsupportalert.com/con...alse-positives-multiple-antivirus-vendors.htm
     
  3. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492

    Thanks for your thoughts and email link.
    Since the heartbleed bug, I've changed the password at least twice.
    My computers don't contain malware, I'm pretty sure of that too.
    One possible MITM vector is use of public /hotel/airport wi-fi, but other than those spam mails, there are no other signs of a breached account.

    At this point it's difficult if not impossible to abandon the Yahoo account.
    I will have to closely monitor what's arriving in the spam folder and so forth.
     
  4. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    I just thought of this. Another possibility is that one of your contacts has an infection (or compromised account), and that'd explain why your sent messages are being used as spam email subject headers.

    See if you can narrow it down to a certain contact. Maybe they're infected and not you.
     
  5. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492

    I didn't think of that. That's most likely what has happened.
     
  6. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Did you ever ask yourself why yahoo mail is free and what it cost to host all those email accounts, and why they offer free mail?
    ..The same for all other free mail account providers..
     
  7. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    I'm not confident to say that the paid versions are more secure just because they cost a buck. If anything companies like Google can build a secure product/service and infrastructure. At least in theory.
     
  8. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Sigh, ANY large email provider lacks security dude. First order of business in email security and privacy is the provider you chose to use. Yahoo and Google would like be my last choice for a provider.
     
  9. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    What is that small email providers have that big providers don't?
    Perhaps your statement is correct but then how reliable are those small players considering that they may or may not exist in e.g. 5 years from now...
     
  10. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Well. I see privacy and anonymity as the holy grail. I don't trust the larger email providers. Once compromised providers are throw away IMO. I use I am guessing ten or more email accounts for different purposes. But then I come from an era where privacy and anonymity are king above and beyond most other considerations.
     
    Last edited: Aug 25, 2014
  11. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    All you can do is make people aware of alternatives, not try and force anything on anyone.

    Again, his issue is very likely that one of his contacts is comprised. His own yahoo account is probably not compromised.
     
  12. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    So it's Privacy vs Longevity (of service) and also uptime. But IMO there are no palpable guarantees for increased privacy even if you use a small email provider unless you encrypt your emails with PGP and the recipients also use the technology.. It also implies you really can't send and receive emails to recipients whose email address end with Google/Microsoft/Yahoo.com.
     
  13. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    It implies what it says, trust no provider. If you value concepts like privacy, then once a provider becomes compromised, they hit the round file or at the very least never get used for private communication ever again. Everyone's communication needs are different. I chose to relegate Yahoo/Google/Microsoft accounts to the status of untrustworthy account status. Nothing I will ever send through these providers will amount to anything of any importance. This is regardless of the size of the provider. However, if you examine the Snowden documents from 2013 you will find most of the larger providers compromised.
     
Loading...
Similar Threads
  1. ronjor
    Replies:
    3
    Views:
    615
Thread Status:
Not open for further replies.