|
Can Comcast data files be broken into easily?
I have been with Comcast for some years now. I use a few of my email
accounts through them. I've noticed that with my primary account I suddenly start getting crap mail at a point. This first happened a few years ago when I started getting email to an account I never use for mail, only as my primary account. It had a real oddball name with numbers and I've never used that particular name anywhere else, ever. Earlier this year I changed my primary account to a different user name and deleted that old one. The new account I chose as my primary account is one I only use for family members and very close personal friends. Now I'm starting to get advertising on this one. I don't get it. The only thing that would explain this is that someone hacked into Comcast's accounts and gets the names that way. I'm tempted to ask Comcast but hesitate because I'm sure they don't want it known if such incidents do occur. How possible is this, that someone hacks into their primary accounts and harvests the primary email account names? |
Re: Can Comcast data files be broken into easily?
On 2005/12/28 8:41 AM, "Edw. Peach" <bogus_addie@none.net> wrote:
> How possible is this, that someone hacks into their primary accounts > and harvests the primary email account names? It is possible that someone has hacked into Comcast's systems that hold the user account information. No system is or can be totally secure. I think it is just as likely that someone has sold the list of Comcast customers to spammers. |
Re: Can Comcast data files be broken into easily?
On Wed, 28 Dec 2005 08:41:49 -0500, Edw Peach wrote:
> The new account I chose as my primary > account is one I only use for family members and very close personal > friends. Now I'm starting to get advertising on this one. I don't > get it. The only thing that would explain this is that someone hacked > into Comcast's accounts and gets the names that way. Most likely not. Spammers have bots which crawl the internet and snarf email addresses from web pages, usenet posts and other places. Also, malware (viruses, trojans, worms,...) can check files on the computer for email addresses and mail them home to the malware owner. That is why I have seperate trash email accounts for friends, ebusiness, family,... That way if spam starts showing up, I have a group of people to notify that they may be infected. I have never used the primary email addy for anything until this Usenet auth bs. :( Once the spammer has a list of email addies he will strip the name off the domain and add all the major ISP's comain and see how many new email addies are found. Example: addie@comcaet.net addie@rr.com,..... That is why I create email addy like bogus34_addie_752@none.net A note here. Anytime you create a bogus email/domain address, you need to make it something like bogus34_addie_752@none.invalid. That way it can be trashed by the postmasters receiving it very easily. There is a real none.net. whois none.net snippet follows: domain: none.net owner-name: nonenet owner-address: 138 boulevard du chat qui ronronne owner-address: F-75022, Paris owner-address: France Your post could cause extra work for the none.net postmaster. :( Unless you realy have a none.net email account. :) |
Re: Can Comcast data files be broken into easily?
"Edw. Peach" <bogus_addie@none.net> wrote in message news:l555r19frqhr6p4o1k2rbm24pq4mv5si8i@4ax.com... > I have been with Comcast for some years now. I use a few of my email > accounts through them. I've noticed that with my primary account I > suddenly start getting crap mail at a point. This first happened a > few years ago when I started getting email to an account I never use > for mail, only as my primary account. It had a real oddball name with > numbers and I've never used that particular name anywhere else, ever. > Earlier this year I changed my primary account to a different user > name and deleted that old one. The new account I chose as my primary > account is one I only use for family members and very close personal > friends. Now I'm starting to get advertising on this one. I don't > get it. The only thing that would explain this is that someone hacked > into Comcast's accounts and gets the names that way. I'm tempted to > ask Comcast but hesitate because I'm sure they don't want it known if > such incidents do occur. > > How possible is this, that someone hacks into their primary accounts > and harvests the primary email account names? ####################################### Search google or email harvesters. Accounts aren't always "hacked" donnie. |
Re: Can Comcast data files be broken into easily?
I did call Comcast and the technician told me that probably someone's
address book was stolen. The funny thing is I only use this one account for two family members and perhaps five friends. I NEVER use it online or have anybody else write me with it. I have other accounts for that. My account has other personalities and those don't get nailed. I use those accounts quite a bit, one for business. My first account that was getting this mail was even stranger because I never used it for email except for dealing with Comcast. That's why I thought the system/database might have been cracked at Comcast. The mail I'm getting isn't all spam. Some of it seems to be fragments of conversations. I really don't get this at all. Here's one I got: "Hi Want to know if australis was in the therefor or with the jocose. Let me know Jewel " My address was added as a CC with about 15 other names. Any ideas on this? |
Re: Can Comcast data files be broken into easily?
On 2005/12/29 7:45 AM, "Edw. Peach" <bogus_addie@none.net> wrote:
> I did call Comcast and the technician told me that probably someone's > address book was stolen. The funny thing is I only use this one > account for two family members and perhaps five friends. I NEVER use > it online or have anybody else write me with it. I have other > accounts for that. > > My account has other personalities and those don't get nailed. I use > those accounts quite a bit, one for business. > > My first account that was getting this mail was even stranger because > I never used it for email except for dealing with Comcast. That's why > I thought the system/database might have been cracked at Comcast. I have NEVER used my primary Comcast account for sending email, nor have I given it out to ANYONE. As a result, I have received no spam on that account, unless you include the Comcast advertising. I did create several secondary accounts and use different addresses for different purposes. All of them get SPAM to some extent. I am inclined to agree with the Comcast technician. I you ever use or give out an email address, it is at risk for harvesting by spammers. Even if it just a return address on an email sitting in the inbox of a trusted friend, that computer could be infected by malware and report out everything that looks like an email address to some spammer. |
Re: Can Comcast data files be broken into easily?
On Wed, 28 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
<slrndr57e8.gu6.BitTwister@wb.home.invalid>, Bit Twister wrote: >Edw Peach wrote: >> The only thing that would explain this is that someone hacked >> into Comcast's accounts and gets the names that way. >Most likely not. Agreed. I know of one disgruntled ex-employee of an ISP that had taken a copy of the passwd file, and sold the (~100k) usernames, but even that is pretty rare, mainly because the spammer pays very little. >Spammers have bots which crawl the internet and snarf email addresses from >web pages, usenet posts and other places. Another tactic has been grabbing names out of the telephone book, and trying those with common alterations (lastname + initial or digit for example). >Also, malware (viruses, trojans, worms,...) can check files on the >computer for email addresses and mail them home to the malware owner. Haven't seen that very often - it's more likely to result in a denial of service (mail bomb) attack on the server where the klown is collecting the data, given the speed that the common malware goes through the dumb user community. >That is why I have seperate trash email accounts for friends, >ebusiness, family,... Good concept >That way if spam starts showing up, I have a group of people to notify >that they may be infected. I have never used the primary email addy >for anything until this Usenet auth bs. :( It used to be that we'd use /dev/random to create passwords for new accounts with the usernames being the common first initial + last name or last name + first initial or a number. Now, I'm using /dev/random to create public usernames, so they won't be found by dictionary attacks. >Once the spammer has a list of email addies he will strip the name off the >domain and add all the major ISP's comain and see how many new email >addies are found. head -2 /dev/random | uuencode ZZZZ head -2 /dev/random | mimencode then take the first 10 or twenty characters of the result. Only problem is that usernames _MUST_ begin with a letter. >A note here. Anytime you create a bogus email/domain address, you need to >make it something like bogus34_addie_752@none.invalid. >That way it can be trashed by the postmasters receiving it very easily. http://www.faqs.org/faqs/net-abuse-faq/munging-address/ Using the 'invalid' domain causes the sending mail server to reject the mail, because there never will be a top level domain with that name. RFC2606 also lists 'test', 'example' and 'localhost', though 'invalid' is the one recommended. The RFC also lists 'example.com', 'example.net' and 'example.org' as safe names to use when munging. Unfortunately, many people grab some witty name out of mid-air, and think that it's OK, without making any effort to see if it's not a real name used by some company or organization. Using 'ping candidate.domain' is not a reliable test, nor is attempting to connect to 'www.candidate.domain' - use 'whois' data instead. >There is a real none.net. whois none.net snippet follows: as well as a lot of other domain names people use for munging. Old guy |
Re: Can Comcast data files be broken into easily?
Robert Haar wrote:
> I am inclined to agree with the Comcast technician. I you ever use or give > out an email address, it is at risk for harvesting by spammers. Even if it > just a return address on an email sitting in the inbox of a trusted > friend, that computer could be infected by malware and report out > everything that looks like an email address to some spammer. That's just part of it. Even if nobody you send an email to ever falls victim to a worm or someone swiping their address book to sell to spammers, you return address is in the clear on every email you send. Even if it's encrypted. And even if you "munge" your From header and include your real email in an encrypted message body, if anyone replies to you your real email address is visible. If you think there aren't underpaid techs at various points along the way between you and people who you email with the know how to snarf addresses and the motivation to mess with it, you're a fool. |
Re: Can Comcast data files be broken into easily?
> My address was added as a CC with about 15 other names. > > Any ideas on this? ############################# Did you recognize any of the other names? donnie. |
Re: Can Comcast data files be broken into easily?
Edw. Peach wrote:
> I have been with Comcast for some years now. I use a few of my email > accounts through them. I've noticed that with my primary account I > suddenly start getting crap mail at a point. This first happened a > few years ago when I started getting email to an account I never use > for mail, only as my primary account. It had a real oddball name with > numbers and I've never used that particular name anywhere else, ever. > Earlier this year I changed my primary account to a different user > name and deleted that old one. The new account I chose as my primary > account is one I only use for family members and very close personal > friends. Now I'm starting to get advertising on this one. I don't > get it. The only thing that would explain this is that someone hacked > into Comcast's accounts and gets the names that way. I'm tempted to > ask Comcast but hesitate because I'm sure they don't want it known if > such incidents do occur. > > How possible is this, that someone hacks into their primary accounts > and harvests the primary email account names? Are any of those friends or family people who send jokes or pretty pictures to everybody in their addressbook? I know I've got a few friends like that and I've never been able to persuade them to take me off their list. So if one person on that list is infected, all people on that list are vulnerable. What about dictionary attacks like other posters suggested? SBC has a system where you can add additional email addresses and drop them later when you want to. I've also seen people use web-based email accounts (YAHOO, GMAIL, ...) to do this. You might set-up an account with Yahoo and filter the hell out of your main account (assuming your ISP has filtering capabilities), tell your friends/family about this address by snail mail or mouth. When that Yahoo account starts getting spam, drop it and set-up another one. I've also setup an address for anything I want to communicate back to me. Newsletters, ecommerce validations, etc. I use the public sink "mailinator.com" when I join a newsgroup. I wish I had done that years ago. If I only knew better then, my main address wouldn't be so useless now. -- Dave Keays |
| All times are GMT. The time now is 07:37 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.