Lindaland
  Lindaland Central 2.0
  Verify If Your Email Has Been Compromised.

Post New Topic  Post A Reply
profile | register | preferences | faq

UBBFriend: Email This Page to Someone! next newest topic | next oldest topic
Author Topic:   Verify If Your Email Has Been Compromised.
DualGemV2
Knowflake

Posts: 1042
From: Toronto, Ontario
Registered: Aug 2016

posted February 02, 2022 01:47 AM     Click Here to See the Profile for DualGemV2     Edit/Delete Message   Reply w/Quote
I wasn't sure if I should say anything..

But if one person has an account that has been compromised on lindaland it can effect other people that are on the contact list.

I'm sure most of you have email accounts that link to each other.

There are other risks associated too...

Generally, I try to avoid online scanners as there is the risk that they contain malware themselves.

However, I know the website below has been sanitized and checked.

Check your email account with the link provided.
http://haveibeenpwned.com

My Planets
=========================================
☉ ♊, ☽ ♈, ASC ♑, ☿ ♊, ♉, ♋ , ♃ ♒, ♄ ♏, ♅ ♐, ♆ ♑

IP: Logged

Randall
Webmaster

Posts: 154771
From: I hold a Juris Doctorate (J.D.) and a Legum Magister (LL.M.)!
Registered: Apr 2009

posted February 02, 2022 08:57 AM     Click Here to See the Profile for Randall     Edit/Delete Message   Reply w/Quote
The only way an e-mail account can be compromised here is if people openly post it, which is forbidden, but people still keep doing it. Bots are looking for e-mail addresses at LL and any large site. I would not recommend any program that scans your computer. Is it selling anything? If so, it will likely find a "problem." If an e-mail has been compromised, it will likely be on the dark web, and Credit Karma will scan that for free without scanning your computer.

IP: Logged

DualGemV2
Knowflake

Posts: 1042
From: Toronto, Ontario
Registered: Aug 2016

posted February 02, 2022 09:16 AM     Click Here to See the Profile for DualGemV2     Edit/Delete Message   Reply w/Quote
I'd also be currious into looking what kind of hashing technique for the logins is used for the accounts as well and how there stored.

My Planets
=========================================
☉ ♊, ☽ ♈, ASC ♑, ☿ ♊, ♉, ♋ , ♃ ♒, ♄ ♏, ♅ ♐, ♆ ♑

IP: Logged

Randall
Webmaster

Posts: 154771
From: I hold a Juris Doctorate (J.D.) and a Legum Magister (LL.M.)!
Registered: Apr 2009

posted February 02, 2022 01:21 PM     Click Here to See the Profile for Randall     Edit/Delete Message   Reply w/Quote
The NSA can hack almost any site with impunity if they use the https protocol. When it was leaked that the NSA developed it and promoted it through private companies for security, there was an outrage, but people seem to have forgotten.

IP: Logged

DualGemV2
Knowflake

Posts: 1042
From: Toronto, Ontario
Registered: Aug 2016

posted February 02, 2022 03:55 PM     Click Here to See the Profile for DualGemV2     Edit/Delete Message   Reply w/Quote
quote:
Originally posted by Randall:
The NSA can hack almost any site with impunity if they use the https protocol. When it was leaked that the NSA developed it and promoted it through private companies for security, there was an outrage, but people seem to have forgotten.

What is mentioned above has nothing to do with https, completely different security concept.

Https makes no difference once you can gain access via a compromised account.

My Planets
=========================================
☉ ♊, ☽ ♈, ASC ♑, ☿ ♊, ♉, ♋ , ♃ ♒, ♄ ♏, ♅ ♐, ♆ ♑

IP: Logged

Randall
Webmaster

Posts: 154771
From: I hold a Juris Doctorate (J.D.) and a Legum Magister (LL.M.)!
Registered: Apr 2009

posted February 02, 2022 06:28 PM     Click Here to See the Profile for Randall     Edit/Delete Message   Reply w/Quote
Im saying that the security of https is worthless as it relates to the NSA, because they created the program. You need more than just an e-mail address to become compromised for a site. You also need a password. It isnt very technical. Mainly what happens is the contact list is sent a spoof e-mail hoping to convince the recipients to click on a link. Dont open any suspicious e-mails, and dont click on links. Go to the familiar site directly, and you will be fine.

IP: Logged

DualGemV2
Knowflake

Posts: 1042
From: Toronto, Ontario
Registered: Aug 2016

posted February 02, 2022 08:26 PM     Click Here to See the Profile for DualGemV2     Edit/Delete Message   Reply w/Quote
quote:
Originally posted by Randall:
Im saying that the security of https is worthless as it relates to the NSA, because they created the program. You need more than just an e-mail address to become compromised for a site. You also need a password. It isnt very technical. Mainly what happens is the contact list is sent a spoof e-mail hoping to convince the recipients to click on a link. Dont open any suspicious e-mails, and dont click on links. Go to the familiar site directly, and you will be fine.

It's not a program it's called ssl/https striping were you downgrade the encryption to a lower level....anyone can do it.

Anyway back to the email...
Not true, remember the Ashley Madison leak?
One compromised account lead to the hash functions being reveled for all the accounts being stored.

If you can gain access by compromising one account possibly by email you gain the rest.

Never ever get confident with the level of security you have.

My Planets
=========================================
☉ ♊, ☽ ♈, ASC ♑, ☿ ♊, ♉, ♋ , ♃ ♒, ♄ ♏, ♅ ♐, ♆ ♑

IP: Logged

Randall
Webmaster

Posts: 154771
From: I hold a Juris Doctorate (J.D.) and a Legum Magister (LL.M.)!
Registered: Apr 2009

posted February 02, 2022 09:34 PM     Click Here to See the Profile for Randall     Edit/Delete Message   Reply w/Quote
Program may have been a misnomer. But the NSA created it and uses it to hack those sites who implement itwhich is almost all sites. Hell, I would get an SSL certificate myself if LL sold anything that required users to input their credit cards. I think the official line is that no one knows how Ashley Madison was hacked.

IP: Logged

MoonMystic
Knowflake

Posts: 6406
From: ♏ Rising
Registered: Nov 2016

posted February 03, 2022 05:06 PM     Click Here to See the Profile for MoonMystic     Edit/Delete Message   Reply w/Quote
DualGemV2,
I've personally had no compromise.
Happy to say I get barely any email. My spam folders take in the small amount I ever get. My mother's event didn't spread beyond her and it's been resolved. I check my machine consistently +never open unknown emails, or links. I honestly don't even open newletters I'm signed up for. I get too busy.

I'm curious why the "s" drama on the "https" here@LL. I know when removing "s" the secure socket is gone. I hope not but felt need to ask, by our offering clickable links like (http vs https) that place any one here in a compromising position?

IP: Logged

Randall
Webmaster

Posts: 154771
From: I hold a Juris Doctorate (J.D.) and a Legum Magister (LL.M.)!
Registered: Apr 2009

posted February 03, 2022 07:21 PM     Click Here to See the Profile for Randall     Edit/Delete Message   Reply w/Quote
Never enter your credit card at any site without a current SSL certificate. Even then, be careful about providing personal information that is stored on a site. Huge sites have been hacked, even including one of the three credit bureaus, Equifax.

IP: Logged

PixieJane
Knowflake

Posts: 9716
From: CA
Registered: Oct 2010

posted February 04, 2022 07:02 PM     Click Here to See the Profile for PixieJane     Edit/Delete Message   Reply w/Quote
Hey, dropping by briefly.

I wanted to add that I'm getting A LOT of "was this you" by scammers claiming to be Microsoft. They look legite. But the real address of them should be: account-security-noreply@accountprotection.microsoft.com

I've reported them all as phishing rather than clicking on it for what it's worth. I'm still getting a lot of others, including Facebook when I never have (and never will) had a FB account.

NEXT DAY: got another one. They're trying to get closer to the actual email address, I think it was only off by adding "23" to "account protection." It asked if I'd tried to change my password.

Don't let these scumbags pwn you!

EDITED TO ADD 3/9/22: the most skilled phishing yet, I had to double check. But it was phishing. They tried to add a fear factor of someone signing into my account from Moscow. ******** .

Though in truth, the technocracy (Microsoft, Facebook, Suddenlink, etc) are about as low (if not lower) than these scumbags.

xxxxx


As one more bit of advice, Avast is overrated, at least beyond free. I got it, and after a year I figured the right thing to do was to start paying them, and I did.

Their reaction: "Sucker, let's milk her for all she's worth!"

It stopped working (even the free stuff, but they were going to keep charging me for it), and tried to sell me software that was over 3x what I'd already paid to "fix" the problem, and looking up others who had the same problem, they say sometimes they'll then try to sell you more after you buy the first software package to get it to work.

In any case, Avast acts in bad faith.

I told them to remove it, I'd no longer use them, not even their free stuff. They wouldn't until I gave notice of legal action, at which point they quickly complied (and tried, unsuccessfully, to get me to trust them again). (ETA: I was also never refunded what I did pay them though I got no further use once I paid, but I let it go as for the first year that I used them for free, and tired of the hassle of dealing them, just glad I wouldn't be forced to pay the bad actors anymore.)

And for the cherry on top, one of the "pwns" comes from Avast. They kept my info for YEARS after I discontinued, and it was stolen in the breach.

Someone has to speak up against Avast given how many swear by them.

Gotta run

IP: Logged

Randall
Webmaster

Posts: 154771
From: I hold a Juris Doctorate (J.D.) and a Legum Magister (LL.M.)!
Registered: Apr 2009

posted February 04, 2022 09:25 PM     Click Here to See the Profile for Randall     Edit/Delete Message   Reply w/Quote
Thanks, Pix. Lots of helpful info.

IP: Logged

DualGemV2
Knowflake

Posts: 1042
From: Toronto, Ontario
Registered: Aug 2016

posted February 05, 2022 12:18 PM     Click Here to See the Profile for DualGemV2     Edit/Delete Message   Reply w/Quote
quote:
Originally posted by MoonMystic:
DualGemV2,
I've personally had no compromise.
Happy to say I get barely any email. My spam folders take in the small amount I ever get. My mother's event didn't spread beyond her and it's been resolved. I check my machine consistently +never open unknown emails, or links. I honestly don't even open newletters I'm signed up for. I get too busy.

I'm curious why the "s" drama on the "https" here@LL. I know when removing "s" the secure socket is gone. I hope not but felt need to ask, by our offering clickable links like (http vs https) that place any one here in a compromising position?


I'm glad you read my post.. I read your "pirate post" and really wanted to be helpfull in someway.

Off topic GalacticCoreExplosionV2 sounds like a interesting and cool guy..

So if I help you i'm also helping him in someway!!! at least i'd like to think so.

Https just makes it a bit harder for an eavesdropper to tamper with your browser...

The catch is you have to be on the same network...so if you use the public wifi at starbucks you will end up being on the same network as someone else.

If it's your home or private network..I whouldn't worry, I was a little concerned if someone else was also connected to your network or you were connected to a public network and accesed a website with http when the phishing happened.

=========================================
☉ ♊, ☽ ♈, ASC ♑, ☿ ♊, ♉, ♋ , ♃ ♒, ♄ ♏, ♅ ♐, ♆ ♑

IP: Logged

Randall
Webmaster

Posts: 154771
From: I hold a Juris Doctorate (J.D.) and a Legum Magister (LL.M.)!
Registered: Apr 2009

posted February 06, 2022 12:28 AM     Click Here to See the Profile for Randall     Edit/Delete Message   Reply w/Quote
Well-said.

IP: Logged

viviette
Knowflake

Posts: 357
From: FR
Registered: Feb 2018

posted February 17, 2022 05:29 PM     Click Here to See the Profile for viviette     Edit/Delete Message   Reply w/Quote
I think the last one was an attempt on people's Wordpress accounts.

My concern is some people may have credit card info stored on there, if they pay for their website? If that had been me, I'd order a new card.
Also you can be more prone to phishing emails if a 3rd party gets hold of your email with some of your personal info, hoping you'll click on enclosed links, but I didn't notice anything like that when me email was pwned.

IP: Logged

DualGemV2
Knowflake

Posts: 1042
From: Toronto, Ontario
Registered: Aug 2016

posted February 17, 2022 07:20 PM     Click Here to See the Profile for DualGemV2     Edit/Delete Message   Reply w/Quote
quote:
Originally posted by viviette:
I think the last one was an attempt on people's Wordpress accounts......

In the case of wordpress it has a known vulnerability called Cross-Site Scripting (XSS) which is what's called an injection type attack.

An injection type attack basically involves a malicious user adding an outside script(s) to make a website or application do something different then what it should be doing.

(XSS) Cross-Site Scripting attacks come in three forms, stored, reflect and DOM based.

I won't go through them all, the easiest for an attacker is Stored XSS.

This involves a malicious script being added via links or by content being added to the site.

Pintrest is a big violator of this because users are basically "pinning" and adding other scripts from other sites onto there site.

Advertisements would be another way for malicious scripts to enter.

quote:
Originally posted by viviette:
......My concern is some people may have credit card info stored on there, if they pay for their website? If that had been me, I'd order a new card.

Now in the case of your credit card info I know it costs a little bit more money or might be a bit of an inconvenience.

But if I suspect the site isn't secure
and I'm given the option to pay by paypal, google pay, apply pay or anything similar I will select that option.

The reason is your adding one extra layer of protection. Paypal will not reveal any of your data it will simple make a payment on your behalf....

...It's like getting a family member to buy something on your behalf without you having to reveal yourself.

I mentioned this on another fourm, I'm sure your aware of the truckers protest
in Canada that had a gofundme.

Well, the gofundme was hacked and anyone that directly put there credit card info whould have had all there information reveled.

Had they used paypal instead, paypal would have paid the donation and whould have kept things confidential.

quote:
Originally posted by viviette:
....
Also you can be more prone to phishing emails if a 3rd party gets hold of your email with some of your personal info, hoping you'll click on enclosed links, but I didn't notice anything like that when me email was pwned.

Not only that if your on a chain mail and one of your friends account is compromised it will spread to you.

Best thing is to keep any eye for anomalies, on your email account...anything that doesn't seam normal will indicate something on unusual.

=========================================
☉ ♊, ☽ ♈, ASC ♑, ☿ ♊, ♉, ♋ , ♃ ♒, ♄ ♏, ♅ ♐, ♆ ♑

IP: Logged

All times are Eastern Standard Time

next newest topic | next oldest topic

Administrative Options: Close Topic | Archive/Move | Delete Topic
Post New Topic  Post A Reply
Hop to:

Contact Us | Linda-Goodman.com

Copyright 2000-2022

Powered by Infopop www.infopop.com © 2000
Ultimate Bulletin Board 5.46a