link from Carlo Falciola "dangerous"

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

link from Carlo Falciola "dangerous"

jbalcomb
The link listed in Carlo Falciola's message is listed by McAfee Security
as a dangerous website.  Does anyone else know anything about it?

Janissa Balcomb
Laptops to Lesotho Inc.

_______________________________________________________________

Library Digest, Vol 49, Issue 1
**************************************

Message: 1
Date: Thu, 14 Jun 2012 05:14:08 +0100 (BST)
From: Carlo Falciola <[hidden email]>
To: [hidden email], [hidden email],
        [hidden email], [hidden email],
        [hidden email], [hidden email],
        [hidden email], [hidden email],
        [hidden email]
Subject: [OLPC library] (no subject)
Message-ID:
        <[hidden email]>
Content-Type: text/plain; charset="utf-8"

http://www.ap404.com/wp-content/themes/unite/googlemail.html
___________________________________________________________________

_______________________________________________
Library mailing list
[hidden email]
http://lists.laptop.org/listinfo/library
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: link from Carlo Falciola "dangerous"

Chris Leonard-3
Carlo himself is well-known, he is one of our most prolific Italian localizers.

There was a flurry of messages from his e-mail address to OLPC and
Sugar litss (to which he is subscribed).  The messages carried
differing links (I would guess they were all dangerous, but seeing the
flood, I assumed that and did not actually test).

The general suspicion is either a (non-intrusive) spoofing by a
spambot or a compromise of his mail client/account by a spambot
carried by malware.  Opinions differ, I am of the opinion that since
it targeted specific lists to which he is subscribed that it was a
compromise (that grabbed his mailing history or address book) and not
just a simple header spoof.

In any event, treat messages (and especially links) from his address
with suspicion until further notice.  Hopefully he will regain control
of his identity.

cjl
Sugar Labs Translation Team Coordinator

On Sat, Jun 16, 2012 at 2:27 PM,  <[hidden email]> wrote:

> The link listed in Carlo Falciola's message is listed by McAfee Security
> as a dangerous website.  Does anyone else know anything about it?
>
> Janissa Balcomb
> Laptops to Lesotho Inc.
>
> _______________________________________________________________
>
> Library Digest, Vol 49, Issue 1
> **************************************
>
> Message: 1
> Date: Thu, 14 Jun 2012 05:14:08 +0100 (BST)
> From: Carlo Falciola <[hidden email]>
> To: [hidden email], [hidden email],
>        [hidden email], [hidden email],
>        [hidden email], [hidden email],
>        [hidden email], [hidden email],
>        [hidden email]
> Subject: [OLPC library] (no subject)
> Message-ID:
>        <[hidden email]>
> Content-Type: text/plain; charset="utf-8"
>
> http://www.ap404.com/wp-content/themes/unite/googlemail.html
> ___________________________________________________________________
>
> _______________________________________________
> Library mailing list
> [hidden email]
> http://lists.laptop.org/listinfo/library
_______________________________________________
Library mailing list
[hidden email]
http://lists.laptop.org/listinfo/library
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: link from Carlo Falciola "dangerous"

Carlo Falciola
Hi all,
I'm relally sorry for the huge  noise for this rogue message, It was definitely a fake, so please throw it away asap.
I'm still investigating  his origin , because I still not foung anythng in my pc.
The other suspect was my addresses partially stolen via BT from my mobile during a business trip in HU...

once more sorry for this.

regards
ciao carlo

Da: Chris Leonard <[hidden email]>
A: [hidden email]
Cc: [hidden email]
Inviato: Sabato 16 Giugno 2012 21:07
Oggetto: Re: [OLPC library] link from Carlo Falciola "dangerous"

Carlo himself is well-known, he is one of our most prolific Italian localizers.

There was a flurry of messages from his e-mail address to OLPC and
Sugar litss (to which he is subscribed).  The messages carried
differing links (I would guess they were all dangerous, but seeing the
flood, I assumed that and did not actually test).

The general suspicion is either a (non-intrusive) spoofing by a
spambot or a compromise of his mail client/account by a spambot
carried by malware.  Opinions differ, I am of the opinion that since
it targeted specific lists to which he is subscribed that it was a
compromise (that grabbed his mailing history or address book) and not
just a simple header spoof.

In any event, treat messages (and especially links) from his address
with suspicion until further notice.  Hopefully he will regain control
of his identity.

cjl
Sugar Labs Translation Team Coordinator

On Sat, Jun 16, 2012 at 2:27 PM,  <[hidden email]> wrote:

> The link listed in Carlo Falciola's message is listed by McAfee Security
> as a dangerous website.  Does anyone else know anything about it?
>
> Janissa Balcomb
> Laptops to Lesotho Inc.
>
> _______________________________________________________________
>
> Library Digest, Vol 49, Issue 1
> **************************************
>
> Message: 1
> Date: Thu, 14 Jun 2012 05:14:08 +0100 (BST)
> From: Carlo Falciola <[hidden email]>
> To: [hidden email], [hidden email],
>        [hidden email], [hidden email],
>        [hidden email], [hidden email],
>        [hidden email], [hidden email],
>        [hidden email]
> Subject: [OLPC library] (no subject)
> Message-ID:
>        <[hidden email]>
> Content-Type: text/plain; charset="utf-8"
>
> http://www.ap404.com/wp-content/themes/unite/googlemail.html
> ___________________________________________________________________
>
> _______________________________________________
> Library mailing list
> [hidden email]
> http://lists.laptop.org/listinfo/library
_______________________________________________
Library mailing list
[hidden email]
http://lists.laptop.org/listinfo/library



_______________________________________________
Library mailing list
[hidden email]
http://lists.laptop.org/listinfo/library
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: link from Carlo Falciola "dangerous"

Chris Leonard-3
No worries Carlos,

It happens to the best of us, and you are not the only OLPC/Sugar
contributor that this has happened to in the past week.

The Internet is a scary place sometimes and these things happen.  I
wish you luck in regaining control of your identity and identifying
the source, but do not worry, IMHO, your reputation at OLPC/Sugar
remains unsullied.

cjl

On Mon, Jun 18, 2012 at 5:49 AM, Carlo Falciola <[hidden email]> wrote:

> Hi all,
> I'm relally sorry for the huge  noise for this rogue message, It was
> definitely a fake, so please throw it away asap.
> I'm still investigating  his origin , because I still not foung anythng in
> my pc.
> The other suspect was my addresses partially stolen via BT from my mobile
> during a business trip in HU...
>
> once more sorry for this.
>
> regards
> ciao carlo
>
> ________________________________
> Da: Chris Leonard <[hidden email]>
> A: [hidden email]
> Cc: [hidden email]
> Inviato: Sabato 16 Giugno 2012 21:07
> Oggetto: Re: [OLPC library] link from Carlo Falciola "dangerous"
>
> Carlo himself is well-known, he is one of our most prolific Italian
> localizers.
>
> There was a flurry of messages from his e-mail address to OLPC and
> Sugar litss (to which he is subscribed).  The messages carried
> differing links (I would guess they were all dangerous, but seeing the
> flood, I assumed that and did not actually test).
>
> The general suspicion is either a (non-intrusive) spoofing by a
> spambot or a compromise of his mail client/account by a spambot
> carried by malware.  Opinions differ, I am of the opinion that since
> it targeted specific lists to which he is subscribed that it was a
> compromise (that grabbed his mailing history or address book) and not
> just a simple header spoof.
>
> In any event, treat messages (and especially links) from his address
> with suspicion until further notice.  Hopefully he will regain control
> of his identity.
>
> cjl
> Sugar Labs Translation Team Coordinator
>
> On Sat, Jun 16, 2012 at 2:27 PM,  <[hidden email]> wrote:
>> The link listed in Carlo Falciola's message is listed by McAfee Security
>> as a dangerous website.  Does anyone else know anything about it?
>>
>> Janissa Balcomb
>> Laptops to Lesotho Inc.
>>
>> _______________________________________________________________
>>
>> Library Digest, Vol 49, Issue 1
>> **************************************
>>
>> Message: 1
>> Date: Thu, 14 Jun 2012 05:14:08 +0100 (BST)
>> From: Carlo Falciola <[hidden email]>
>> To: [hidden email], [hidden email],
>>        [hidden email], [hidden email],
>>        [hidden email], [hidden email],
>>        [hidden email], [hidden email],
>>        [hidden email]
>> Subject: [OLPC library] (no subject)
>> Message-ID:
>>        <[hidden email]>
>> Content-Type: text/plain; charset="utf-8"
>>
>> http://www.ap404.com/wp-content/themes/unite/googlemail.html
>> ___________________________________________________________________
>>
>> _______________________________________________
>> Library mailing list
>> [hidden email]
>> http://lists.laptop.org/listinfo/library
> _______________________________________________
> Library mailing list
> [hidden email]
> http://lists.laptop.org/listinfo/library
>
>
_______________________________________________
Library mailing list
[hidden email]
http://lists.laptop.org/listinfo/library
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Yahoo accounts hacked? Re: link from Carlo Falciola "dangerous"

S Page-2
Chris Leonard wrote:

> It happens to the best of us, and you are not the only OLPC/Sugar
> contributor that this has happened to in the past week.

For what it's worth, Carlo's is the 5th spam messages that I've received
from known contacts in the last two months, *all from Yahoo mail users*
(until Caryl's spam from a hotmail account).  I think the bad guys have
at least figured out how to spy on Yahoo e-mail traffic and have
probably compromised a number of Yahoo accounts so they can contact
Yahoo webmail as "you" to deliver messages to your contacts. But I find
no news story about this.

If you have a Yahoo account, consult their guideline "My account may
have been compromised" at
http://help.yahoo.com/kb/index?page=content&id=SLN3420

> The Internet is a scary place sometimes and these things happen.

Indeed.
* Always connect with httpS, particularly when entering a password.
Unlike Google, Yahoo doesn't enforce this,
* Only use the same password for multiple web sites if you don't care
about all of them getting compromised.
* If someone sends you a link without any context, be very dubious.

I followed the spam links in the text-mode Lynx browser (no
Flash/JavaScript/plug-in vulnerabilities), and each goes to a different
page on compromised sites that redirects to a fake Fox/MSNBC URL that
presents a fake Fox News site just to rave about some deit pils
(misspelled to avoid spam detection).  I believe the appropriate
response is "Oy vey" :-)

Cheers,
--
=S Page
_______________________________________________
Library mailing list
[hidden email]
http://lists.laptop.org/listinfo/library
Loading...