Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora User (http://www.linux-archive.org/fedora-user/)
-   -   @Michael Apoligies Dearest (http://www.linux-archive.org/fedora-user/583430-michael-apoligies-dearest.html)

Frank Murphy 10-04-2011 02:54 PM

@Michael Apoligies Dearest
 
On 04/10/11 14:56, Michael Schwendt wrote:
<snipped>
>
> in the headers. Another indiciation that the Google Mail web interface
> has not been abused by someone from Turkey.
>

That is true, I did have to "logout all other sessins",
and do you recoginse all recent activity" or similar words.
It is also true that 6.02 is the current version of TB I use.

If you wan't to help.
Can sonething be sent without me knowing about it?
Is the fact that my isp email is routed through gmail a factor
(plain password) pulled every 3060 min?

I recently switch from imap to pop (circa month)
free limit being reached.
would that have an affect?

rkhunter shows nothing.

Cisco router I cannot tell, as no user config possible.
My isp uses reserved blocks 192..

--
Regards,

Frank Murphy
UTF_8 Encoded
Friend of fedoraproject.org
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Michael Schwendt 10-04-2011 03:49 PM

@Michael Apoligies Dearest
 
On Tue, 04 Oct 2011 15:54:30 +0100, FM (Frank) wrote:

> > in the headers. Another indiciation that the Google Mail web interface
> > has not been abused by someone from Turkey.
> >
>
> That is true, I did have to "logout all other sessins",
> and do you recoginse all recent activity" or similar words.
> It is also true that 6.02 is the current version of TB I use.

You would need to develop a theory why somebody else would forward a
message from one of your folders at GMail -- the spam message has been
received by you at GMail via your Fedora Project address alias on Oct 2nd
according to its headers -- using exactly the same Thunderbird version and
Linux OS version identifier, the same time-zone, the same machine
hostname, _and_ exactly your IP address at UPC Ireland.

> If you wan't to help.
> Can sonething be sent without me knowing about it?

Sure. With username and password, somebody can abuse your account via
IMAP, SMTP, POP, or even the web interface. Google Mail displays a list of
previous logins in its web interface. And by default, it stores copies of
messages sent via SMTP in the Sent folder.

> Is the fact that my isp email is routed through gmail a factor
> (plain password) pulled every 3060 min?

Can you explain the setup in detail?

> rkhunter shows nothing.

There is a huge difference between capturing only a Google Mail account
passphrase and an entire Linux machine connected to the Internet.
You would need an even better theory about why somebody ("from Turkey")
with access to your computer would be so stupid and on your computer use
Thunderbird to forward a single spam message to a list you're subscribed
to. Much too big of a risk to be discovered. Rootkits exist in order to
retain access to a remote machine. They try to hide themselves.

--
Fedora release 16 (Verne) - Linux 3.1.0-0.rc8.git0.0.fc16.x86_64
loadavg: 0.01 0.05 0.05
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Frank Murphy 10-04-2011 04:07 PM

@Michael Apoligies Dearest
 
On 04/10/11 16:49, Michael Schwendt wrote:
> On Tue, 04 Oct 2011 15:54:30 +0100, FM (Frank) wrote:
>
>>> in the headers. Another indiciation that the Google Mail web interface
>>> has not been abused by someone from Turkey.
>>>
>>
>> That is true, I did have to "logout all other sessins",
>> and do you recoginse all recent activity" or similar words.
>> It is also true that 6.02 is the current version of TB I use.
>
> You would need to develop a theory why somebody else would forward a
> message from one of your folders at GMail -- the spam message has been
> received by you at GMail via your Fedora Project address alias on Oct 2nd
> according to its headers --using exactly the same Thunderbird version and
> Linux OS version identifier, the same time-zone, the same machine
> hostname, _and_ exactly your IP address at UPC Ireland.

No idea, but I have received spam from my own email address before.


>
>> If you wan't to help.
>> Can sonething be sent without me knowing about it?
>
> Sure. With username and password, somebody can abuse your account via
> IMAP, SMTP, POP, or even the web interface. Google Mail displays a list of
> previous logins in its web interface. And by default, it stores copies of
> messages sent via SMTP in the Sent folder.
>
>> Is the fact that my isp email is routed through gmail a factor
>> (plain password) pulled every 3060 min?
>
> Can you explain the setup in detail?
>

Originally in Gmail, it allows you can get other pop email
by entering email address and password.
It won't pull an exe attachment.

My isp does not use https, even for their webmail.

>> rkhunter shows nothing.
>
> There is a huge difference between capturing only a Google Mail account
> passphrase and an entire Linux machine connected to the Internet.
> You would need an even better theory about why somebody ("from Turkey")

Still no idea.

> with access to your computer would be so stupid and on your computer use
> Thunderbird to forward a single spam message to a list you're subscribed
> to. Much too big of a risk to be discovered. Rootkits exist in order to
> retain access to a remote machine. They try to hide themselves.
>

Only my eldest son "the gamer"
had tried to do anything foolish on this PC.
I don't use a screensaver, as I can never recall the password.
I keep it on a usb stick.

--
Regards,

Frank Murphy
UTF_8 Encoded
Friend of fedoraproject.org
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Michael Schwendt 10-04-2011 05:11 PM

@Michael Apoligies Dearest
 
On Tue, 04 Oct 2011 17:07:29 +0100, FM (Frank) wrote:

> No idea, but I have received spam from my own email address before.

That's something completely else, and a known form of abuse.

And it isn't accurate to say "from my own email address". For spam, the
email address listed in spam messages typically has nothing to do with the
origin of the mail. With the old mail protocols and many mail servers it
is too easy to insert arbitrary sender addresses.

If you want to examine _from where_ a mail was sent, you cannot avoid
displaying and analyzing the mail headers. Bottom up and eliminating
any forged headers somebody may have inserted there.

> >> Is the fact that my isp email is routed through gmail a factor
> >> (plain password) pulled every 3060 min?
> >
> > Can you explain the setup in detail?
> >
>
> Originally in Gmail, it allows you can get other pop email
> by entering email address and password.
> It won't pull an exe attachment.

You mean the "Mail Fetcher"? If so, you would enter your ISP mail account
details there, not your Google Mail passphrase. One would need to examine
your ISP's POP server for details, such as SSL/TLS usage.

> My isp does not use https, even for their webmail.

But your GMail passphrase is not the same as the one you use for you ISP,
is it? ;)

> Only my eldest son "the gamer"
> had tried to do anything foolish on this PC.
> I don't use a screensaver, as I can never recall the password.
> I keep it on a usb stick.

Ah, fresh theories! Lovely. :-)
http://images.cheezburger.com/completestore/2010/1/27/129090941151506207.jpg

--
Fedora release 16 (Verne) - Linux 3.1.0-0.rc8.git0.0.fc16.x86_64
loadavg: 0.04 0.13 0.13
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Joe Zeff 10-04-2011 05:28 PM

@Michael Apoligies Dearest
 
On 10/04/2011 09:07 AM, Frank Murphy wrote:
> I don't use a screensaver, as I can never recall the password.

You don't need a password for your screensaver unless you lock the screen.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


All times are GMT. The time now is 01:50 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.