Wikipedia:Reference desk/Archives/Computing/2013 June 18

= June 18 =

I've been hacked--What should I do?
Yesterday both of my Yahoo! accounts email sent spam messages to everyone in my contacts. I have strong password on each. Accordingly, I can only guess that I must have a active keylogger or some worm/virus that does the same. I dump my cookies all the time. I use only macs. I have, of course, changed my Yahoo! passwords. Can anyone give me some advice on what I should do now to 1) route out anything on my Imac and 2) keep this from happening again? Since I thought it might help you identify the source of the breach (since they may do this to others all the time), the spam messages were varied, such as "How are you?" followed by my Yahoo username; and then a whole, bunch were to different URLS in the form "hello! http: usokgor.com/nhv/jik/ohy/piosz.html and many others URLs, all linking to some spam advertisement for "RASPBERRY ULTRA DROPS TO HELP YOU LOSE WEIGHT" from a fake Fox News site. I am really concerned.--108.27.62.131 (talk) 14:36, 18 June 2013 (UTC)


 * I can't make any suggestions for malware scanning on a Mac, but you should be aware that there are other ways your password could have been compromised as well. If you use the same password for several websites, then it is possible that one stores it unencrypted, and someone gained access to that site's password database. It makes headlines when major sites are compromised, but if a random forum you signed up for 3 years ago got hacked, you may never hear about it. It's a good idea to have a different password for every account. 209.131.76.183 (talk) 14:45, 18 June 2013 (UTC)


 * Yahoo isn’t historically particularly secure, IIRC, nor Mac OS. Tough ole world. By strong password do you mean around 10 chars of highly random chars, or do you mean quite a long password?* ¦ Reisio (talk) 14:47, 18 June 2013 (UTC)
 * Eight characters, not random but a totally unusual and unguessable five letter English word, followed by three random numbers that are meaningful to me, but idiosyncratically; not like a birthdate or anything anyone who knows me well could ever divine.--108.27.62.131 (talk) 14:54, 18 June 2013 (UTC)
 * Okay, that link is great and has taught me a lesson. Good on ya. I will go make my passwords much stronger. However, I highly doubt it could have been anyone breaking the passwords, even if you've disabused me of how strong they really were, for one simple reason: the timing. Specifically, both Yahoo email accounts have completely different passwords, and each was compromised the same day.--108.27.62.131 (talk) 14:57, 18 June 2013 (UTC)
 * Are you sure your account was compromised? Many people mistake email-spoofing for "hacking" (compromising of the account password).   Spammers can send mails that appear to come from your email account, but with a little closer inspection, actually did not originate from your account at all.  E-mail headers can easily be forged.  This is called Email spoofing and is the digital equivalent of a postal-mail prankster who writes your address as the return-address on the outside of his envelopes.  He can do so without actually breaking in and mailing it from your house.  And he knows your address - in fact, he knows almost every address - he can get it by walking down the street and making a list!  Email addresses, like return-addresses written on the outside of a real-world envelope, are not "trustworthy."   Nimur (talk) 15:35, 18 June 2013 (UTC)

I have had the same problem and have read that this is quite common on Yahoo mail. Rather than someone haviong cracked thousands of passwords, is it possible that a spam email can have carried code that hi-jacked our contacts lists and sent emails apparently from us? Gurumaister (talk) 15:41, 18 June 2013 (UTC)
 * Responding to Nimur, I am rather sure, or let me put it this way: I already get email from spammers to me pretending to be me, spoofing my Yahoo account name--have for years. That isn't the issue. What happened here was that my Yahoo! sent box shows emails being sent by me, and I got a few hundred Mailer Daemon failure notices in my inbox from these emails my account sent out.--108.27.62.131 (talk) 15:51, 18 June 2013 (UTC)


 * @Gurumaister - Yeah I think that is possible; I've known many people who have had that happen to them (which is one of the reasons I don't use Yahoo mail.)
 * @108.27.62.131 - If it wasn't a spam e-mail doing what Gurumaister suggested, then it could possibly have just been a really unfortunate coincidence that both your accounts were hacked on the same day; but I doubt it. --Yellow1996 (talk) 16:11, 18 June 2013 (UTC)

Hey Nimur, I doubt there was a coincidence and that we were both hacked at the same time as I have heard of literally thousands of Yahoo account holders who have this problem. I think it might be time for both of us to transfer to Gmail :) Gurumaister (talk) 17:12, 18 June 2013 (UTC)

Have you used a public computer lately? While it is of course not impossible, infecting a Mac should not be the easiest thing in the world, especially since you do not appear to be a complete idiot. Much more likely you accessed your e-mail using a public computer that was infected, and "they" obtained your password in this way. Try to remember which computers you've used to access your account lately, and see with the maintainers of those computers if they can scan their computers. Certainly do sweep your own computer for possible malware (how exactly I'm not sure as I'm not a Mac user), but unless you have very poor security habit (e.g. you regularly install pirated software, or don't read those annoying pop-ups asking you to enter your administrator password) it's fairly unlikely the breach came from your own computer. I don't know if Yahoo! Mail uses HTTPS - if they don't, it's also possible that they obtained your info from an unsecured network, but HTTPS should protect against man-in-the-middle attacks. Oh, and do change your password if you haven't already - from a computer you trust. 64.201.173.145 (talk) 17:17, 18 June 2013 (UTC)
 * I have tried to post a message responding to the above multiple times but the edit filter has stopped me; an obvious false positive. The message I meant to post above can be seen in my error report on the filter, at Edit filter/False positives.--108.27.62.131 (talk) 17:52, 18 June 2013 (UTC)

Kiwix
How can I update my portable Kiwix version (2012) Miss Bono    (zootalk)  19:48, 18 June 2013 (UTC)
 * Is there a problem with clicking on one of the "Download" buttons at http://www.kiwix.org/wiki/Software? Rojomoke (talk) 06:41, 19 June 2013 (UTC)
 * I cannot access to that page, so I was wondering if I could update it form here.  Miss Bono   (zootalk)  12:42, 19 June 2013 (UTC)