Velocity Reviews


Edw. Peach 12-28-2005 01:41 PM

Can Comcast data files be broken into easily?
 
I have been with Comcast for some years now. I use a few of my email
accounts through them. I've noticed that with my primary account I
suddenly start getting crap mail at a point. This first happened a
few years ago when I started getting email to an account I never use
for mail, only as my primary account. It had a real oddball name with
numbers and I've never used that particular name anywhere else, ever.
Earlier this year I changed my primary account to a different user
name and deleted that old one. The new account I chose as my primary
account is one I only use for family members and very close personal
friends. Now I'm starting to get advertising on this one. I don't
get it. The only thing that would explain this is that someone hacked
into Comcast's accounts and gets the names that way. I'm tempted to
ask Comcast but hesitate because I'm sure they don't want it known if
such incidents do occur.

How possible is this, that someone hacks into their primary accounts
and harvests the primary email account names?

Robert Haar 12-28-2005 02:05 PM

Re: Can Comcast data files be broken into easily?
 
On 2005/12/28 8:41 AM, "Edw. Peach" <bogus_addie@none.net> wrote:

> How possible is this, that someone hacks into their primary accounts
> and harvests the primary email account names?


It is possible that someone has hacked into Comcast's systems that hold the
user account information. No system is or can be totally secure.

I think it is just as likely that someone has sold the list of Comcast
customers to spammers.


Bit Twister 12-28-2005 02:14 PM

Re: Can Comcast data files be broken into easily?
 
On Wed, 28 Dec 2005 08:41:49 -0500, Edw Peach wrote:

> The new account I chose as my primary
> account is one I only use for family members and very close personal
> friends. Now I'm starting to get advertising on this one. I don't
> get it. The only thing that would explain this is that someone hacked
> into Comcast's accounts and gets the names that way.


Most likely not. Spammers have bots which crawl the internet and snarf
email addresses from web pages, usenet posts and other places.
Also, malware (viruses, trojans, worms,...) can check files on the
computer for email addresses and mail them home to the malware owner.

That is why I have separate trash email accounts for friends,
ebusiness, family,...

That way if spam starts showing up, I have a group of people to notify
that they may be infected. I have never used the primary email addy
for anything until this Usenet auth bs. :(

Once the spammer has a list of email addies he will strip the name off the
domain and add all the major ISPs' domains and see how many new email
addies are found.

Example: addie@comcaet.net addie@rr.com,.....

That is why I create email addy like bogus34_addie_752@none.net

A note here. Anytime you create a bogus email/domain address, you need to
make it something like bogus34_addie_752@none.invalid.
That way it can be trashed by the postmasters receiving it very easily.

There is a real none.net. whois none.net snippet follows:

domain: none.net
owner-name: nonenet
owner-address: 138 boulevard du chat qui ronronne
owner-address: F-75022, Paris
owner-address: France


Your post could cause extra work for the none.net postmaster. :(
Unless you really have a none.net email account. :)



Donnie 12-29-2005 02:57 AM

Re: Can Comcast data files be broken into easily?
 

"Edw. Peach" <bogus_addie@none.net> wrote in message
news:l555r19frqhr6p4o1k2rbm24pq4mv5si8i@4ax.com...
> I have been with Comcast for some years now. I use a few of my email
> accounts through them. I've noticed that with my primary account I
> suddenly start getting crap mail at a point. This first happened a
> few years ago when I started getting email to an account I never use
> for mail, only as my primary account. It had a real oddball name with
> numbers and I've never used that particular name anywhere else, ever.
> Earlier this year I changed my primary account to a different user
> name and deleted that old one. The new account I chose as my primary
> account is one I only use for family members and very close personal
> friends. Now I'm starting to get advertising on this one. I don't
> get it. The only thing that would explain this is that someone hacked
> into Comcast's accounts and gets the names that way. I'm tempted to
> ask Comcast but hesitate because I'm sure they don't want it known if
> such incidents do occur.
>
> How possible is this, that someone hacks into their primary accounts
> and harvests the primary email account names?

#######################################
Search google for email harvesters. Accounts aren't always "hacked"
donnie.



Edw. Peach 12-29-2005 12:45 PM

Re: Can Comcast data files be broken into easily?
 
I did call Comcast and the technician told me that probably someone's
address book was stolen. The funny thing is I only use this one
account for two family members and perhaps five friends. I NEVER use
it online or have anybody else write me with it. I have other
accounts for that.

My account has other personalities and those don't get nailed. I use
those accounts quite a bit, one for business.

My first account that was getting this mail was even stranger because
I never used it for email except for dealing with Comcast. That's why
I thought the system/database might have been cracked at Comcast.

The mail I'm getting isn't all spam. Some of it seems to be fragments
of conversations. I really don't get this at all.

Here's one I got:

"Hi
Want to know if australis was in the therefor or with the
jocose.
Let me know
Jewel "

My address was added as a CC with about 15 other names.

Any ideas on this?

Robert Haar 12-29-2005 05:53 PM

Re: Can Comcast data files be broken into easily?
 
On 2005/12/29 7:45 AM, "Edw. Peach" <bogus_addie@none.net> wrote:

> I did call Comcast and the technician told me that probably someone's
> address book was stolen. The funny thing is I only use this one
> account for two family members and perhaps five friends. I NEVER use
> it online or have anybody else write me with it. I have other
> accounts for that.
>
> My account has other personalities and those don't get nailed. I use
> those accounts quite a bit, one for business.
>
> My first account that was getting this mail was even stranger because
> I never used it for email except for dealing with Comcast. That's why
> I thought the system/database might have been cracked at Comcast.


I have NEVER used my primary Comcast account for sending email, nor have I
given it out to ANYONE. As a result, I have received no spam on that
account, unless you include the Comcast advertising. I did create several
secondary accounts and use different addresses for different purposes. All
of them get SPAM to some extent.

I am inclined to agree with the Comcast technician. If you ever use or give
out an email address, it is at risk for harvesting by spammers. Even if it is
just a return address on an email sitting in the inbox of a trusted friend,
that computer could be infected by malware and report out everything that
looks like an email address to some spammer.



Moe Trin 12-29-2005 08:10 PM

Re: Can Comcast data files be broken into easily?
 
On Wed, 28 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
<slrndr57e8.gu6.BitTwister@wb.home.invalid>, Bit Twister wrote:

>Edw Peach wrote:


>> The only thing that would explain this is that someone hacked
>> into Comcast's accounts and gets the names that way.


>Most likely not.


Agreed. I know of one disgruntled ex-employee of an ISP that had taken a
copy of the passwd file, and sold the (~100k) usernames, but even that is
pretty rare, mainly because the spammer pays very little.

>Spammers have bots which crawl the internet and snarf email addresses from
>web pages, usenet posts and other places.


Another tactic has been grabbing names out of the telephone book, and trying
those with common alterations (lastname + initial or digit for example).

>Also, malware (viruses, trojans, worms,...) can check files on the
>computer for email addresses and mail them home to the malware owner.


Haven't seen that very often - it's more likely to result in a denial of
service (mail bomb) attack on the server where the klown is collecting
the data, given the speed that the common malware goes through the
dumb user community.

>That is why I have separate trash email accounts for friends,
>ebusiness, family,...


Good concept

>That way if spam starts showing up, I have a group of people to notify
>that they may be infected. I have never used the primary email addy
>for anything until this Usenet auth bs. :(


It used to be that we'd use /dev/random to create passwords for new
accounts with the usernames being the common first initial + last name
or last name + first initial or a number. Now, I'm using /dev/random
to create public usernames, so they won't be found by dictionary attacks.

>Once the spammer has a list of email addies he will strip the name off the
>domain and add all the major ISPs' domains and see how many new email
>addies are found.


head -2 /dev/random | uuencode ZZZZ

head -2 /dev/random | mimencode

then take the first 10 or twenty characters of the result. Only problem
is that usernames _MUST_ begin with a letter.

>A note here. Anytime you create a bogus email/domain address, you need to
>make it something like bogus34_addie_752@none.invalid.
>That way it can be trashed by the postmasters receiving it very easily.


http://www.faqs.org/faqs/net-abuse-faq/munging-address/

Using the 'invalid' domain causes the sending mail server to reject the
mail, because there never will be a top level domain with that name.
RFC2606 also lists 'test', 'example' and 'localhost', though 'invalid' is
the one recommended. The RFC also lists 'example.com', 'example.net' and
'example.org' as safe names to use when munging. Unfortunately, many
people grab some witty name out of mid-air, and think that it's OK,
without making any effort to see if it's not a real name used by some
company or organization. Using 'ping candidate.domain' is not a reliable
test, nor is attempting to connect to 'www.candidate.domain' - use 'whois'
data instead.

>There is a real none.net. whois none.net snippet follows:


as well as a lot of other domain names people use for munging.

Old guy
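
The two practices described in the post above (a random public username that begins with a letter, and a munged address that sits under an RFC 2606 reserved name) can be combined in one small script. This is an added example, not part of any poster's message; the function names are hypothetical, and it reads /dev/urandom instead of the /dev/random used in the post so that the read never blocks.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# random_localpart [LEN]: print a random mailbox name of LEN characters
# (default 12, allowed range 2..256). The first character is always a
# letter; the rest are lowercase letters or digits.
random_localpart() {
    len=${1:-12}
    { [ "$len" -ge 2 ] && [ "$len" -le 256 ]; } || return 1
    first=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'a-z' | cut -c 1)
    rest=$(head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' |
           cut -c "1-$((len - 1))")
    printf '%s%s\n' "$first" "$rest"
}

# is_reserved_munge ADDRESS: succeed only if the domain part falls under
# a name that RFC 2606 reserves (invalid, test, example, localhost, or
# example.com / example.net / example.org).
is_reserved_munge() {
    domain=$(printf '%s' "${1##*@}" | LC_ALL=C tr 'A-Z' 'a-z')
    domain=${domain%.}    # tolerate a trailing root dot
    case "$domain" in
        invalid|test|example|localhost)             return 0 ;;
        *.invalid|*.test|*.example|*.localhost)     return 0 ;;
        example.com|example.net|example.org)        return 0 ;;
        *.example.com|*.example.net|*.example.org)  return 0 ;;
    esac
    return 1
}

# The first two sample addresses appear in the thread; the third is
# constructed here from a freshly generated username.
for addr in bogus_addie@none.net bogus34_addie_752@none.invalid \
            "$(random_localpart 12)@example.org"; do
    if is_reserved_munge "$addr"; then
        echo "reserved domain, safe to publish: $addr"
    else
        echo "not reserved, check whois first:  $addr"
    fi
done
```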

TwistyCreek 12-29-2005 08:32 PM

Re: Can Comcast data files be broken into easily?
 
Robert Haar wrote:

> I am inclined to agree with the Comcast technician. If you ever use or give
> out an email address, it is at risk for harvesting by spammers. Even if it is
> just a return address on an email sitting in the inbox of a trusted
> friend, that computer could be infected by malware and report out
> everything that looks like an email address to some spammer.


That's just part of it. Even if nobody you send an email to ever falls
victim to a worm or someone swiping their address book to sell to
spammers, your return address is in the clear on every email you send. Even
if it's encrypted. And even if you "munge" your From header and include
your real email in an encrypted message body, if anyone replies to you
your real email address is visible.

If you think there aren't underpaid techs at various points along the way
between you and people who you email with the know-how to snarf addresses
and the motivation to mess with it, you're a fool.




Donnie 12-30-2005 02:28 AM

Re: Can Comcast data files be broken into easily?
 


> My address was added as a CC with about 15 other names.
>
> Any ideas on this?

#############################
Did you recognize any of the other names?
donnie.



Dave Keays 12-30-2005 02:47 AM

Re: Can Comcast data files be broken into easily?
 
Edw. Peach wrote:
> I have been with Comcast for some years now. I use a few of my email
> accounts through them. I've noticed that with my primary account I
> suddenly start getting crap mail at a point. This first happened a
> few years ago when I started getting email to an account I never use
> for mail, only as my primary account. It had a real oddball name with
> numbers and I've never used that particular name anywhere else, ever.
> Earlier this year I changed my primary account to a different user
> name and deleted that old one. The new account I chose as my primary
> account is one I only use for family members and very close personal
> friends. Now I'm starting to get advertising on this one. I don't
> get it. The only thing that would explain this is that someone hacked
> into Comcast's accounts and gets the names that way. I'm tempted to
> ask Comcast but hesitate because I'm sure they don't want it known if
> such incidents do occur.
>
> How possible is this, that someone hacks into their primary accounts
> and harvests the primary email account names?


Are any of those friends or family people who send jokes or pretty pictures to
everybody in their addressbook? I know I've got a few friends like that and I've
never been able to persuade them to take me off their list.

So if one person on that list is infected, all people on that list are vulnerable.

What about dictionary attacks like other posters suggested?

SBC has a system where you can add additional email addresses and drop them
later when you want to. I've also seen people use web-based email accounts
(YAHOO, GMAIL, ...) to do this.

You might set-up an account with Yahoo and filter the hell out of your main
account (assuming your ISP has filtering capabilities), tell your friends/family
about this address by snail mail or mouth. When that Yahoo account starts
getting spam, drop it and set-up another one.

I've also setup an address for anything I want to communicate back to me.
Newsletters, ecommerce validations, etc.

I use the public sink "mailinator.com" when I join a newsgroup. I wish I had
done that years ago. If I only knew better then, my main address wouldn't be so
useless now.

--

Dave Keays

