From owner-freebsd-questions@FreeBSD.ORG Sun Apr 6 15:43:25 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C116348E for ; Sun, 6 Apr 2014 15:43:25 +0000 (UTC) Received: from ms-10.1blu.de (ms-10.1blu.de [178.254.4.101]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8028DA8A for ; Sun, 6 Apr 2014 15:43:25 +0000 (UTC) Received: from [88.217.67.10] (helo=localhost.my.domain) by ms-10.1blu.de with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1WWpE4-0004sH-GX for freebsd-questions@freebsd.org; Sun, 06 Apr 2014 17:43:16 +0200 Received: from localhost.my.domain (localhost [127.0.0.1]) by localhost.my.domain (8.14.7/8.14.3) with ESMTP id s36FhDQI003100 for ; Sun, 6 Apr 2014 17:43:14 +0200 (CEST) (envelope-from guru@unixarea.de) Received: (from guru@localhost) by localhost.my.domain (8.14.7/8.14.3/Submit) id s36FhDD8003099 for freebsd-questions@freebsd.org; Sun, 6 Apr 2014 17:43:13 +0200 (CEST) (envelope-from guru@unixarea.de) X-Authentication-Warning: localhost.my.domain: guru set sender to guru@unixarea.de using -f Date: Sun, 6 Apr 2014 17:43:13 +0200 From: Matthias Apitz To: freebsd-questions@freebsd.org Subject: teft of 18,000,000 mail accounts and passwords Message-ID: <20140406154313.GA3062@La-Habana> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Operating-System: FreeBSD 9.0-CURRENT r214444 (i386) User-Agent: Mutt/1.5.21 (2010-09-15) X-Con-Id: 51246 X-Con-U: 0-guru X-Originating-IP: 88.217.67.10 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: Matthias Apitz List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Apr 2014 15:43:25 -0000 Hello, I have here a case which could be off-topic in first moment, but does not is, I think. The German Govermental Office about Security in Information informs that the police got access to a database of 18,000,000 stolen mail accounts and they will inform on Monday how to inform the owners of the accounts http://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2014/Medienberichte_zu_Identitaetsdiebstahl_04042014.html (in German). What makes me bringing this up here is the question, how the criminals could get access to this amount of mail accounts and passwords and if we as FreeBSD users could be targeted by some of the methods. How they could get access to your (remote) mail account name and password? What comes to my mind as methods are: - Installed key loggers on the local system; - Phishing attacs with faked URLs or with correct URL and DNS attack; - Using unknown backdoors or bugs in browsers to get the saved password; Anything else? And how much we (as FreeBSD users) are in risk of this and what could be done to prevent it. Thanks matthias -- Matthias Apitz | /"\ ASCII Ribbon Campaign: E-mail: guru@unixarea.de | \ / - No HTML/RTF in E-mail WWW: http://www.unixarea.de/ | X - No proprietary attachments phone: +49-170-4527211 | / \ - Respect for open standards | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign