I get spammed all the time too. I just delete the stuff 
and not open it in the first place. 

There was something odd about this one, that's why brought 
it to Ffitch's attention. There was potential for bigger problems.


-Partev

========================================================

--- mle+la@mega-nerd.com wrote:

From: Erik de Castro Lopo 
To: csound@lists.bath.ac.uk
Subject: Re: [Csnd] how are you
Date: Wed, 16 Mar 2011 14:27:30 +1100

Marc D. Demers wrote:

> Me too, my email has been hacked two weeks ago.

Did someone get access to your account (ie get your password)
or did you just get spam?

> The hacker got my email address from the list of contact from
> one of my student that has a gmail address.

>From the sounds of this, you just got spammed. Everyone gets
spam. Welcome to the internet.

>From reading some of the google forums its seems most people
are getting hacked (ie their passwords leak into the hands
of spammers) by accessing their accounts on open WiFi networks
using insecure protocols like POP and IMAP  (ie send username/
password in clear text) from portable devices like iPhones.

This is insane, because there a secure SSL encypted versions
of both the POP and IMAP protocols.

Erik

Having used to work for a dating website as an administrator (yes you
heard it right!) I was told by the technical team that it is very easy
to make an email appear from someone's email address even without
hacking into their account. Not sure how it's done but it's done.

Best,
Peiman

On 16 March 2011 15:26, Partev Barr Sarkissian  wrote:
> I get spammed all the time too. I just delete the stuff
> and not open it in the first place.
>
> There was something odd about this one, that's why brought
> it to Ffitch's attention. There was potential for bigger problems.
>
>
> -Partev
>
> ========================================================
>
> --- mle+la@mega-nerd.com wrote:
>
> From: Erik de Castro Lopo 
> To: csound@lists.bath.ac.uk
> Subject: Re: [Csnd] how are you
> Date: Wed, 16 Mar 2011 14:27:30 +1100
>
> Marc D. Demers wrote:
>
>> Me too, my email has been hacked two weeks ago.
>
> Did someone get access to your account (ie get your password)
> or did you just get spam?
>
>> The hacker got my email address from the list of contact from
>> one of my student that has a gmail address.
>
> From the sounds of this, you just got spammed. Everyone gets
> spam. Welcome to the internet.
>
> From reading some of the google forums its seems most people
> are getting hacked (ie their passwords leak into the hands
> of spammers) by accessing their accounts on open WiFi networks
> using insecure protocols like POP and IMAP  (ie send username/
> password in clear text) from portable devices like iPhones.
>
> This is insane, because there a secure SSL encypted versions
> of both the POP and IMAP protocols.
>
> Erik
> --
> ----------------------------------------------------------------------
> Erik de Castro Lopo
> http://www.mega-nerd.com/
>
>
> Send bugs reports to the Sourceforge bug tracker
>            https://sourceforge.net/tracker/?group_id=81968&atid=564599
> Discussions of bugs and features can be posted here
> To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe csound"
>
>
>
>
>
> _____________________________________________________________
> Netscape.  Just the Net You Need.
>
>
> Send bugs reports to the Sourceforge bug tracker
>            https://sourceforge.net/tracker/?group_id=81968&atid=564599
> Discussions of bugs and features can be posted here
> To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe csound"
>
>


Send bugs reports to the Sourceforge bug tracker
            https://sourceforge.net/tracker/?group_id=81968&atid=564599
Discussions of bugs and features can be posted here
To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe csound"

Yes, this is very easy. All you need is an open relay (though they are much harder to find nowadays). Or your own mailer (though that will be trivially traced back to your IP).

When I learned this was possible I successfully sent an email to a friend from the address "haha@this.is.a.fake.address", or something like that. This was years ago when toad.com ran an open relay, I sent the mail by telnetting to their sendmail port and entering the commands by hand. Nowadays I am pretty sure most major mail systems keep track of known open relays and ignore all email from said relays (though a virus or trojan will occassionally install its own mailer and then, for example, send spam with random addresses in your address book in the From: field).

----- Original message -----
> Having used to work for a dating website as an administrator (yes you
> heard it right!) I was told by the technical team that it is very easy
> to make an email appear from someone's email address even without
> hacking into their account. Not sure how it's done but it's done.
>
> Best,
> Peiman
>
> On 16 March 2011 15:26, Partev Barr Sarkissian <encino_man@netscape.com>
> wrote:
> > I get spammed all the time too. I just delete the stuff
> > and not open it in the first place.
> >
> > There was something odd about this one, that's why brought
> > it to Ffitch's attention. There was potential for bigger problems.
> >
> >
> > -Partev
> >
> > ========================================================
> >
> > --- mle+la@mega-nerd.com wrote:
> >
> > From: Erik de Castro Lopo <mle+la@mega-nerd.com>
> > To: csound@lists.bath.ac.uk
> > Subject: Re: [Csnd] how are you
> > Date: Wed, 16 Mar 2011 14:27:30 +1100
> >
> > Marc D. Demers wrote:
> >
> > > Me too, my email has been hacked two weeks ago.
> >
> > Did someone get access to your account (ie get your password)
> > or did you just get spam?
> >
> > > The hacker got my email address from the list of contact from
> > > one of my student that has a gmail address.
> >
> > From the sounds of this, you just got spammed. Everyone gets
> > spam. Welcome to the internet.
> >
> > From reading some of the google forums its seems most people
> > are getting hacked (ie their passwords leak into the hands
> > of spammers) by accessing their accounts on open WiFi networks
> > using insecure protocols like POP and IMAP  (ie send username/
> > password in clear text) from portable devices like iPhones.
> >
> > This is insane, because there a secure SSL encypted versions
> > of both the POP and IMAP protocols.
> >
> > Erik
> > --
> > ----------------------------------------------------------------------
> > Erik de Castro Lopo
> > http://www.mega-nerd.com/
> >
> >
> > Send bugs reports to the Sourceforge bug tracker
> >            https://sourceforge.net/tracker/?group_id=81968&atid=564599
> > Discussions of bugs and features can be posted here
> > To unsubscribe, send email sympa@lists.bath.ac.uk with body
> > "unsubscribe csound"
> >
> >
> >
> >
> >
> > _____________________________________________________________
> > Netscape.  Just the Net You Need.
> >
> >
> > Send bugs reports to the Sourceforge bug tracker
> >            https://sourceforge.net/tracker/?group_id=81968&atid=564599
> > Discussions of bugs and features can be posted here
> > To unsubscribe, send email sympa@lists.bath.ac.uk with body
> > "unsubscribe csound"
> >
> >
>
>
> Send bugs reports to the Sourceforge bug tracker
>                        https://sourceforge.net/tracker/?group_id=81968&atid=564599
> Discussions of bugs and features can be posted here
> To unsubscribe, send email sympa@lists.bath.ac.uk with body "unsubscribe
> csound"
>

Carl wrote:

> In my case it was a hack unfortunately - I thought gmail was more secure...

You sir are in a state of denial.

This was almost certainly not Gmail's fault. It is very much
more likley that your username/password was discovered by
the miscreants through one of the following methods:

  a) Your password was easily guessable (ie 123456). The
     miscreants use a botnet and a list of common passwords
     to try an guess Gmail account logins.

  b) A machine you used (eg home machine, machine in public
     library, internet cafe etc) has a virus that includes a
     keyboard sniffer that captured your login credentials and
     sent it back to the miscreants.

  c) You accessed your gmail account using a portable device
     via a public WiFi network using an insecure protocol
     like POP or IMAP that sends your username/password in
     clear text. The miscreate listens on the public WiFi
     network for things like gmail account logins.

  d) You sold, lost or had stolen a machine which had your
     login credentials on the hard drive.

Thats not even an exhaustive list.

All of the above are security lapses on your part, ie you
inadvertently *gave* your login details to the miscreants.
None of the above have anything to do with Gmail security.

Erik