Technical issues (mail server, support form) - About xda-developers.com

Hi XDA operators,
Your form for reporting issues doesn't seem to work, I can't send anything through http://www.xda-developers.com/contact/#technical. The arrows spin forever after clicking the send button and nothing else happens.
Apart from that, the issue I meant to report was that one of your mailservers is misconfigured, maybe you want to look into this...
Log excerpt:
Code:
Jul 17 11:48:12 ****** postfix/smtpd[4387]: NOQUEUE: reject: RCPT from pyramid.php.va.us.xda-developers.com[207.244.73.233]: 450 4.7.1 <pyramid.localdomain>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<pyramid.localdomain>
Cheers!

Just btw.... the error still persists

@bitpushr

Thank you for reporting these, see below:
sbreit said:
Your form for reporting issues doesn't seem to work, I can't send anything through http://www.xda-developers.com/contact/#technical. The arrows spin forever after clicking the send button and nothing else happens.
This is due to the web application firewall we have on the portal, it didn't like all of the extra characters in your mail message. I've fixed it so that messages like this can be sent through.
sbreit said:
Apart from that, the issue I meant to report was that one of your mailservers is misconfigured, maybe you want to look into this...
Log excerpt:
Code:
Jul 17 11:48:12 ****** postfix/smtpd[4387]: NOQUEUE: reject: RCPT from pyramid.php.va.us.xda-developers.com[207.244.73.233]: 450 4.7.1 <pyramid.localdomain>: Helo command rejected: Host not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<pyramid.localdomain>
You are correct, the hostname was not set up correctly and this could cause mail delivery issues on some domains. I've fixed this so it should now work properly. Thank you for pinging me @Trafalgar Square
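The log excerpt discussed above, worked through as an added example (not code from the thread or from XDA's servers): it parses Postfix `reject` lines, separates HELO rejections from other rejections, and explains statically why a name such as `pyramid.localdomain` cannot pass a HELO hostname lookup. The sender and recipient addresses, every log line after the first, and the suffix list are constructed for illustration.

```python
import re

# One Postfix smtpd rejection record: stage, client[ip], SMTP code, enhanced
# status, the rejected value, the reason, and the helo= field at the end.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\w+) from "
    r"(?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<(?P<value>[^>]*)>: (?P<reason>[^;]+);"
    r".*\bhelo=<(?P<helo>[^>]*)>"
)

# Suffixes that never resolve in public DNS (assumed list, extend as needed).
NON_PUBLIC_SUFFIXES = {"localdomain", "localhost", "local", "lan",
                       "internal", "invalid", "test"}


def parse_reject(line):
    """Return the fields of a Postfix reject line, or None if it is not one."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # 4xx: the sending server queues and retries, so mail is delayed.
    # 5xx: the message bounces straight away.
    rec["temporary"] = rec["code"].startswith("4")
    return rec


def helo_problems(helo):
    """Static checks on a HELO/EHLO name; no DNS lookups are made."""
    if helo.startswith("[") and helo.endswith("]"):
        return []  # an address literal such as [192.0.2.1] is valid syntax
    labels = helo.rstrip(".").lower().split(".")
    problems = []
    if len(labels) < 2:
        problems.append("not a fully qualified domain name")
    if labels[-1] in NON_PUBLIC_SUFFIXES:
        problems.append("ends in non-public suffix ." + labels[-1])
    return problems


def audit(lines):
    """Group HELO rejections by (client IP, HELO name) with a retry count."""
    findings = {}
    for line in lines:
        rec = parse_reject(line)
        if rec is None or not rec["reason"].lower().startswith("helo command rejected"):
            continue
        entry = findings.setdefault((rec["ip"], rec["helo"]), {
            "client": rec["client"],
            "count": 0,
            "temporary": rec["temporary"],
            "problems": helo_problems(rec["helo"]),
        })
        entry["count"] += 1
    return findings


# First line: the excerpt from the post, with constructed envelope addresses.
# Remaining lines are constructed (a retry, an unrelated reject, a connect).
SAMPLE_LOG = [
    "Jul 17 11:48:12 ****** postfix/smtpd[4387]: NOQUEUE: reject: RCPT from "
    "pyramid.php.va.us.xda-developers.com[207.244.73.233]: 450 4.7.1 "
    "<pyramid.localdomain>: Helo command rejected: Host not found; "
    "from=<forum@sender.example> to=<user@recipient.example> proto=ESMTP "
    "helo=<pyramid.localdomain>",
    "Jul 17 12:03:40 ****** postfix/smtpd[4402]: NOQUEUE: reject: RCPT from "
    "pyramid.php.va.us.xda-developers.com[207.244.73.233]: 450 4.7.1 "
    "<pyramid.localdomain>: Helo command rejected: Host not found; "
    "from=<forum@sender.example> to=<user@recipient.example> proto=ESMTP "
    "helo=<pyramid.localdomain>",
    "Jul 17 12:05:02 ****** postfix/smtpd[4405]: NOQUEUE: reject: RCPT from "
    "mail.sender.example[192.0.2.25]: 550 5.1.1 <nobody@recipient.example>: "
    "Recipient address rejected: User unknown in local recipient table; "
    "from=<a@sender.example> to=<nobody@recipient.example> proto=ESMTP "
    "helo=<mail.sender.example>",
    "Jul 17 12:05:09 ****** postfix/smtpd[4405]: connect from "
    "mail.sender.example[192.0.2.25]",
]

if __name__ == "__main__":
    for (ip, helo), info in audit(SAMPLE_LOG).items():
        kind = "deferred (sender retries)" if info["temporary"] else "bounced"
        print(f"{info['client']}[{ip}] helo={helo}: {info['count']}x {kind}")
        for problem in info["problems"]:
            print("  -", problem)
```

Because the rejection is a 450 rather than a 5xx, the sending server keeps retrying, which is why the same client shows up repeatedly until its HELO name is corrected.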

Related

virus from [email protected]

At 21:00 tonight I received an email from: [email protected]
With a virus in it.
Has anybody else also got this virus mail?
This was in the attachment:
Video_part.mim Email-Worm.Win32.Nyxem.e Removed
This is the header of the mail:
Delivered-To: GMX delivery to [email protected] (my address)
Received: (qmail invoked by alias); 02 Feb 2006 19:51:54 -0000
Received: from 84-235-63-127.saudi.net.sa (HELO user-a152f4b1dd) [84.235.63.127]
by mx0.gmx.net (mx024) with SMTP; 02 Feb 2006 20:51:54 +0100
From: "xda" <[email protected]>
To: <[email protected]>
Subject: MDaemon Warning - virus found: Fw: Funny
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_0.024623829126358"
Date: Thu, 2 Feb 2006 20:53:06 +0100
Message-ID: <[email protected]>
X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
X-GMX-Antispam: 0 (Mail was not recognized as spam)
X-GMX-UID: dQaQY1M5eSEkaqmjfHQhaXN1IGRvb4DS
X-MDMultiPOP: [email protected]@pop.gmx.net
Really sick people did it, I think.
Glad I have an email virus scanner that killed it.
Dude, I'm assuming this means you don't run your own domain! I sometimes get viruses from myself!
Sure freaked me out the first time it happened though... It just means that someone who has that email address stored in a vulnerable application (I'm thinking MS, sorry please don't sue me - I have kids!) was infected with one of the many virii that glean addresses from such applications.
Shame on them, whoever it was! <insert standard plug for GOOD anti-virus here>
That's a Jacked address.
Look carefully at the header and see where it's really coming from. The first email listed already implies it came from Saudi Arabia. I don't think the xda dev server is there...
I've seen similar techniques often, and this is rather weak compared to the ones I've got, where the trail leads back to Pacific Internet (ISP in my own country) and stops right there. Only with Sysinternals Whois and a little sleuthing did I manage to find out it was some arsehole in Vietnam who's trying to hock goods using the name of my company (a computer school).
(And even then it could be just a relay.)
Email is dead thanks to advent of spam, I swear...
Re: That's a Jacked address.
Ultimate Chicken said:
Look carefully at the header and see where it's really coming from. The first email listed already implies it came from Saudi Arabia. I don't think the xda dev server is there...
I've seen similar techniques often, and this is rather weak compared to the ones I've got, where the trail leads back to Pacific Internet (ISP in my own country) and stops right there. Only with Sysinternals Whois and a little sleuthing did I manage to find out it was some arsehole in Vietnam who's trying to hock goods using the name of my company (a computer school).
(And even then it could be just a relay.)
Email is dead thanks to advent of spam, I swear...
Thanks! for the info...

MMS Profiles

OK, so for some reason our builds happen to be hardcoded with a UserAgent Profile pointing to http://www.google.com/oha/rdf/ua-profile-kila.xml. This is reported to the MMS server whenever our MMS client tries to download something; it's stuck in the x-wap-profile: header of the HTTP request.
If you read through that file you'll see that it's the spec for a Samsung SGH-T429 with 320x480 screen. While looking into MMS receive issues on Sprint we discovered that the MMS server actually reads these profiles, and sizes the output that it sends you based on these profiles. So even if your buddy sends you a nice high-rez photo by MMS, when you receive it, it will be scaled down to 320x480.
[edit: that's not quite true. I think this only affects the size of the image as presented in the Messaging app. The actual attachment is whatever size was originally sent. Of course, most media is scaled down for sending anyway.]
We checked to see what profile the Sprint RHOD400 was sending under Winmo and found this http://device.sprintpcs.com/HTC/PPCTP7380SP/2046514.rdf which seems to have the correct screen dimensions. (I can't seem to download it now though.)
I also checked to see what my phone was using with T-Mobile, and got this
http://www.htcmms.com.tw/gen/RhodiumMR-1.0.xml which also has the right stuff, but a lot of winmo-specific details too. It seems to me that we're going to need to patch the framework to make this profile URL a settable property instead of hardcoding it like it's currently done, to get the most out of MMS.
We should probably start taking an inventory of profiles that are in use on all the MSM devices. In Winmo you can find them in the registry at HKLM\Software\Jataayu\MMS\SP - according to this thread: http://forum.xda-developers.com/showthread.php?t=795343
For example, here's the request for a Sprint RHOD400:
Code:
GET /?msgid=XXX&userId=YYY HTTP/1.1
Accept: */*, application/vnd.wap.mms-message, application/vnd.wap.sic
x-wap-profile: http://device.sprintpcs.com/HTC/PPCTP7380SP/2046514.rdf
Accept-Language: en-US
Host: mms.sprintpcs.com:80
Connection: Keep-Alive
User-Agent: T7380
Here's the request all of our phones are currently using to retrieve MMSs:
Code:
GET /?msgid=XXX&userId=YYY HTTP/1.1
Accept: */*, application/vnd.wap.mms-message, application/vnd.wap.sic
x-wap-profile: http://www.google.com/oha/rdf/ua-profile-kila.xml
Accept-Language: en-US
Host: mms.sprintpcs.com:80
Connection: Keep-Alive
User-Agent: Android-Mms/2.0
I've got this one in the registry:
http://www.htcmms.com.tw/gen/HTC_Touch_Pro2_T7373-1.0.xml
( Rhod100 / AUO )
Mine reads:
http://www.htcmms.com.tw/gen/HTC_Touch_Pro2_T7381-1.0.xml
Also worth noting it was in the registry key:
HKLM\Software\SIE\AutoVer\Opera\User Prefs
and HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Raa_1 said:
Mine reads:
http://www.htcmms.com.tw/gen/HTC_Touch_Pro2_T7381-1.0.xml
Also worth noting it was in the registry key:
HKLM\Software\SIE\AutoVer\Opera\User Prefs
and HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings
What model RHOD is that?
This was a setup.xml I made for people running custom roms on boost mobile. Everything should be the same for sprint except the "pcs-boost-mmsc" server address. Maybe helpful?
I changed it to .txt for posting. It seems to be the same that you have.
I know this is probably way too early to be asking this, but I have a Rhod400, where can I input this info (into what file or terminal emulator?) so that I can get MMS working on my phone so I can test it until the patch is ready for the public?
slickdaddy96 said:
I know this is probably way too early to be asking this, but I have a Rhod400, where can I input this info (into what file or terminal emulator?) so that I can get MMS working on my phone so I can test it until the patch is ready for the public?
Kinks are being worked out, to my knowledge nothing usable has surfaced yet. Sending works like a champ with the new RIL, and reception works - just gives a useless download link. Trying to make that link work, is what we're trying to do!
We checked to see what profile the Sprint RHOD400 was sending under Winmo and found this http://device.sprintpcs.com/HTC/PPCTP7380SP/2046514.rdf which seems to have the correct screen dimensions. (I can't seem to download it now though.)
I appreciate all the work that you've been doing, and especially for Sprint (even though you're on a GSM device).
That site doesn't hit (I was hoping it was user-agent dependent, but it didn't work on my phone either).
Also, this thread (http://forum.ppcgeeks.com/htc-touch-pro-2/101286-native-htc-messaging-mms-fix-collaboration-31.html) says that there's no 1st P in the PPCT7380SP string, so it looks like http://device.sprintpcs.com/HTC/PPCT7380SP/%CDMA_ROM_VERSION%.rdf. Is anyone else able to download this .rdf file?
edit: and the 2046514 corresponds to the ROM version (found in Device Information/Software), which (for me at least) is 2.04.651.4
I don't get the download button on my RHOD500. Well it's there for a split second then downloads on its own. Originally set the APN before all the ril changes so after setting the carrier ID it just worked with the new ril.
eww245 said:
I don't get the download button on my RHOD500. Well it's there for a split second then downloads on its own. Originally set the APN before all the ril changes so after setting the carrier ID it just worked with the new ril.
Wait so Verizon CDMA MMS works?
rpierce99 said:
Wait so Verizon CDMA MMS works?
If I'm not mistaken, Verizon has been working ever since highlandsun's amazing work on the RIL originally.
manekineko said:
If I'm not mistaken, Verizon has been working ever since highlandsun's amazing work on the RIL originally.
If that's the case I really need a kind Verizon user to provide me a download link for an MMS attachment. It's in mmssms.db, probably easiest for that person to hop on IRC so we can chat about it. Basically I need to figure out what is different about the Sprint payload than the Verizon payload to see why Sprint doesn't work.
rpierce99 said:
Wait so Verizon CDMA MMS works?
For me yes, no issues at all
rpierce99: you didn't get my note on IRC I guess. I'm pretty sure the attachment isn't the problem; pretty sure the problem is the original SMS PDU. You can grab that from the radio logcat when the MMS arrives. Decoding it is a bit more of a hassle; my code in the RIL only decodes the first 6 headers then passes the rest to Android to decode. Get me a sample PDU from your radio log...
I take that back. Now I see what the parser is doing...
Is this what you need?
The pdu table has some other info but connectbot isn't being nice
GSM_PDU=000002100402070295EA216506000601FC087600031257E0016703280010099199897B9B2B93B3632BA3997B6B6B99FB6B2B9B9B0B3B296B4B21E9820A19CA099989C9899A21C9818181821A19A1818181818981880448B401A9B981C1C1A9C9A189C17AA2CA8229EA82626A7004B233BB21D10233BB21D102A32B9BA34B7338000306110516223640
Sprint MMS receive is now working.
Yes, thanks. But I don't need it now, already got a copy.
We actually identified the problem several days ago, there's even a fix for it already in the Gingerbread source tree. But backporting the fix to Froyo was messy. I've now made a new fix that applies cleanly to Froyo and doesn't rely on the stupid compile-time settings that Google's fix uses. rpierce99 helped to verify that it works.
Basically the MMS server software that Sprint uses is mis-formatting what it sends out. The official specification for MMS/WAP says to do one thing, Sprint's MMS server does something completely different / wrong. The Android MMS parser would just die with an exception when trying to parse these things. The fix makes it ignore the improper header. There are other things that Sprint's server does that are also questionable. Even with this fix, if you want someone to send you an image or video in an MMS, make sure they don't type any text into the message body, otherwise it will still arrive messed up.
OK, the issues with displaying MMS image+text messages are resolved now too. And I've made the uaProfURL a settable property in case you want to override the compiled-in setting. Set the ro.product.uaprofurl property to the URL you want to use.
Of course, you need to be running my patches to the Mms.apk for this to work. The source code is here https://gitorious.org/hycdroid/packages_apps_mms/commits/froyo
Full description of the Sprint bugs and the fixes: http://lists.xdandroid.com/pipermail/xdandroid-dev/2011-May/000288.html
So what was the initial problem here?
*scratches head*
MMS always physically worked fine for me. (your RIL)
Was it just an issue displaying the contents I never picked up on or...?
ryannathans said:
So what was the initial problem here?
*scratches head*
MMS always physically worked fine for me. (your RIL)
Was it just an issue displaying the contents I never picked up on or...?
Did you read his post? It's a Sprint-only issue. Always was (after his RIL).
Might want to look at this section of his post...
highlandsun said:
Full description of the Sprint bugs and the fixes: http://lists.xdandroid.com/pipermail...ay/000288.html
/facepalm...
Had a few late nights and unknowingly started reading from page 2.

DropBox ver 1 API and/or non-MS and not ugly SkyDrive API

First, I'd like to wish happy New Year for everybody!
Second, I have a question to xda's developers: is there a working and non-ugly (without involving WebBrowser window) library for WP7 to access DropBox API version 1 (it's important, new apps can't use ver 0 anymore; all codeplex'es libs are using version 0 and seems like nobody planned to improve their non-working stuff).
I'm also interested in non-ugly (as Microsoft Live SDK) access library to SkyDrive, also without WebBrowser (it's the stupidest and ugliest API I've ever seen!).
If you have your own working code, could you please share with me for my new free app? I don't have much time to write my own implementation, and I hope that someone has already done this job.
Thanks!
I already saw apps, check BoxShot:
Free: http://www.windowsphone.com/en-US/apps/0be109c4-08be-4ac3-a96b-70ef2b0580e3
Pay: http://www.windowsphone.com/en-US/apps/1abb6e8c-d1ca-4209-a7b8-c2d657ffc9b4
Budniu said:
I already saw apps, check BoxShot:
Hmm... Seems like you didn't understand me, I need Silverlight library, not an app.
BoxShot is using DropNet library, ver 0 of DropBox API only...
Ok, sr. You're right, I don't understand.
How about this: http://sharpbox.codeplex.com/releases/view/74634
singularity0821 said:
How about this: http://sharpbox.codeplex.com/releases/view/74634
Unfortunately, not working at all (for DropBox), even their demo app. Also, they are using synchronous HTTP calls and the current code just blocks the whole thread's execution.
sensboston said:
Unfortunately, not working at all (for DropBox), even their demo app. Also, they are using synchronous HTTP calls and the current code just blocks the whole thread's execution.
I'm sure we can figure out how to get it without using the web browser. I'll see what I can figure out if you want.
snickler said:
I'm sure we can figure out how to get it without using the web browser. I'll see what I can figure out if you want.
I'm 100% sure it's possible. I just don't have time to work with the new API (v 1) specs and OAuth. So if you have time and want to implement it, it really will be great! And of course I can help you with testing (using my project).
P.S. BTW, SharpBox designed to use synchronous calls; I don't like this way. IMHO good implementation should be more "WP7-oriented"...
And how about this: http://dkdevelopment.net/what-im-doing/dropnet/
singularity0821 said:
And how about this: http://dkdevelopment.net/what-im-doing/dropnet/
This one is working but it's "lazy" and kinda ugly solution (author is using WebBrowser window to login to Dropbox account). I completely dislike this way. Same ugly as MS SkyDrive API
sensboston said:
This one is working but it's "lazy" and kinda ugly solution (author is using WebBrowser window to login to Dropbox account). I completely dislike this way. Same ugly as MS SkyDrive API
Isn't that how most apps that use OAuth work?
PG2G said:
Isn't that how most apps that use OAuth work?
I don't know, actually, but all Dropbox access libs (API v. 0) are working without showing browser window.
P.S. I've found on the Dropbox devs forum, it's possible (but not guaranteed) to ask the Dropbox support team to change your app and secret keys to API version 0.
sensboston said:
I don't know, actually, but all Dropbox access libs (API v. 0) are working without showing browser window.
P.S. I've found on the Dropbox devs forum, it's possible (but not guaranteed) to ask the Dropbox support team to change your app and secret keys to API version 0.
Hello,
I'm the developer behind DropNet. Just a bit of background on the change to API v1: Dropbox wanted to support the full OAuth spec, which actually requires the web login. I know this makes it not as "clean" for the apps but makes it more secure for Dropbox. They have also announced they will be turning off API v0 sometime in the future (though they have not stated when).
I don't think the authentication process is too bad, once you get your head around it. It's accepted by users that they will have to log in via the website nowadays (Twitter and Facebook do it as well).
d1k_is said:
actually requires the web login
What do you mean by that? I don't know the term "web login"... If you mean - "I guess it requires a kinda unknown - for me - parameters or headers for HTTP POST/GET request" - I'll agree, but it's definitely not a point to display a slow-loading and ugly web page each time you need access to your files. Do you know what the actual login technique in API 1 is (I mean what kind of params, headers, cookies are used, not "web login" stuff)?
sensboston said:
What do you mean by that? I don't know the term "web login"... If you mean - "I guess it requires a kinda unknown - for me - parameters or headers for HTTP POST/GET request" - I'll agree, but it's definitely not a point to display a slow-loading and ugly web page each time you need access to your files. Do you know what the actual login technique in API 1 is (I mean what kind of params, headers, cookies are used, not "web login" stuff)?
Hmmm, sounds like you have the wrong idea about the authentication.
First of all the authentication is a 3 step process (for the developer), step 1 is to get a request token from the API, step 2 is to browse to the site (using the request token as page parameters) so the user can login, step 3 is authorizing the request token (changing it to an access token).
Once you get an access token you can save that in your app and use it forever (or until the user removes access from your app) this means the user will only have to login the first time they run the app as you will have their access token saved locally which you can use to access the API functions (but the access token only works with the API Keys it was created with).
For more info check out the DropNet documentation for the Authentication process (http://dkdevelopment.net/what-im-doing/dropnet/). There's also a sample app in the Github project.
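The three steps described in the post above, modelled as an added example (not DropNet's or Dropbox's code): an in-memory provider and an app exchange a request token, the user logs in to the provider directly, and the authorized request token is swapped for an access token. All class, method and key names are hypothetical, and OAuth 1.0 request signing is left out so the token lifecycle stays visible.

```python
import secrets


class Provider:
    """In-memory stand-in for the service side of the three-step flow."""

    def __init__(self, apps, users):
        self.apps = apps            # app key -> app secret
        self.users = users          # user name -> password (provider only)
        self.request_tokens = {}    # token -> {"app": key, "user": name|None}
        self.access_tokens = {}     # token -> {"app": key, "user": name}

    def _check_app(self, key, secret):
        if not secrets.compare_digest(self.apps.get(key, ""), secret):
            raise PermissionError("unknown app key or wrong app secret")

    def request_token(self, key, secret):
        """Step 1: the app asks for an unauthorized request token."""
        self._check_app(key, secret)
        token = secrets.token_urlsafe(12)
        self.request_tokens[token] = {"app": key, "user": None}
        return token

    def login_page(self, token, user, password):
        """Step 2: runs in the browser; the password goes to the provider only."""
        if token not in self.request_tokens:
            raise PermissionError("unknown request token")
        if not secrets.compare_digest(self.users.get(user, ""), password):
            raise PermissionError("bad credentials")
        self.request_tokens[token]["user"] = user

    def access_token(self, key, secret, token):
        """Step 3: swap an authorized request token for an access token."""
        self._check_app(key, secret)
        pending = self.request_tokens.get(token)
        if pending is None or pending["app"] != key or pending["user"] is None:
            raise PermissionError("request token not authorized for this app")
        del self.request_tokens[token]          # request tokens are single use
        access = secrets.token_urlsafe(24)
        self.access_tokens[access] = {"app": key, "user": pending["user"]}
        return access

    def whoami(self, key, secret, access):
        """Any later API call: the token must belong to the calling app."""
        self._check_app(key, secret)
        grant = self.access_tokens.get(access)
        if grant is None or grant["app"] != key:
            raise PermissionError("access token invalid for this app")
        return grant["user"]

    def revoke(self, user, key):
        """The user removes the app's access on the provider's site."""
        self.access_tokens = {
            t: g for t, g in self.access_tokens.items()
            if (g["user"], g["app"]) != (user, key)
        }


def denied(call, *args):
    """True if the provider refuses the call."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False


def run_flow():
    # Constructed keys and credentials.
    provider = Provider(apps={"app-A": "secret-A", "app-B": "secret-B"},
                        users={"alice": "correct horse"})
    req = provider.request_token("app-A", "secret-A")
    early = denied(provider.access_token, "app-A", "secret-A", req)
    provider.login_page(req, "alice", "correct horse")   # user, not the app
    access = provider.access_token("app-A", "secret-A", req)
    result = {
        "exchange_before_login_denied": early,
        "user_seen_by_api": provider.whoami("app-A", "secret-A", access),
        "replayed_request_token_denied":
            denied(provider.access_token, "app-A", "secret-A", req),
        "other_app_denied":
            denied(provider.whoami, "app-B", "secret-B", access),
    }
    provider.revoke("alice", "app-A")
    result["after_revoke_denied"] = denied(
        provider.whoami, "app-A", "secret-A", access)
    return result


if __name__ == "__main__":
    for name, value in run_flow().items():
        print(f"{name}: {value}")
```

The app's code path never receives the password: it holds only its own key pair and the tokens, which is the property the browser step exists to provide.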
It sounds like you have no idea how browsers work... "Browse", "navigate" - these are good terms for users, not for developers. From a technical point of view, the browser makes an HTTP or HTTPS request to the host and receives a response. So, what you (and the Dropbox dev and marketing team) called a "token" is text/binary data, part of the response.
So, what is preventing you from making a direct call to the Dropbox web service using WebRequest?
P.S. I definitely don't like the whole idea of using browser cookies (it's supposed to be a kind of cookie) for authentication: as for Dropbox, as for MS SkyDrive. It's just ugly - period. And about security - I don't think it's a huge improvement.
sensboston said:
It sounds like you have no idea how browsers work... "Browse", "navigate" - these are good terms for users, not for developers. From a technical point of view, the browser makes an HTTP or HTTPS request to the host and receives a response. So, what you (and the Dropbox dev and marketing team) called a "token" is text/binary data, part of the response.
So, what is preventing you from making a direct call to the Dropbox web service using WebRequest?
P.S. I definitely don't like the whole idea of using browser cookies (it's supposed to be a kind of cookie) for authentication: as for Dropbox, as for MS SkyDrive. It's just ugly - period. And about security - I don't think it's a huge improvement.
Sorry I was only trying to help.
The tokens are string values and you use a GET via HTTPS sending them as page parameters.
You don't use browser cookies as the Dropbox API keeps track of the token you are authenticating against.
Just tried your WP7 example app from DropNet. Actually it demonstrates a little bit more than nothing. Could you make a real example, with folder browsing and file operations, please?
P.S. You should use the mobile version of Dropbox - it fits the WP7 screen much better than the regular desktop one.
600 MB additional free storage
Hi all
Just found a smart way to increase your Dropbox account with 600 MB:
1 Sign into your existing Dropbox account (or create a new account)
2 Go to https://www.dropbox.com/free
3 Follow instructions ... and voila 600 MB additional free storage
thx for the tip, I now got 3,12 GB

Email Compromise? (Diablo Spam)

Hi there,
I have my own domain name. When signing up to websites, such as xda-developers, I use that site name as the to address for my domain name, i.e., [email protected]
This morning, I've received a spam email with subject "Subject [EN]Diablo III Account Locked - Action Required" to my xdadevelopers address at my domain.
Has there been a database compromise perchance? I've had a search through the forums here and don't see anyone else that has mentioned it as yet. The spam arrived about 3 hours ago from now.
It'd be a shame to have to close my account and devnull this email address, as I really love these forums and the great users herein.
Regards.
Update 1: It's certainly not a dictionary attack that I can see, as I haven't received any others of this nature to my catchall mailbox.
If it's any help at all, the headers show this as the sender host;
Received: from WWW-9763E06E580.net (unknown [110.103.67.128])
(very likely unrelated to any alleged compromise attempts, if indeed a compromise even occurred).
I have seen this reported a couple times before but no resolution as I recall. I have passed this on to one of the admins, hopefully he can take a look and let us know if this is a problem to be concerned about.
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Thank you for checking that sir. I believe that in the other threads, it was suggested that someone might have posted their email and a screen-scraper harvested it, or perhaps their email was grabbed some other way, but nothing definitive ever came of it.
bitpushr said:
I'm not aware of any compromise of the database. What I can say is that we treat our members data with the utmost respect and this would certainly be a concern of ours, but I don't see any evidence of any kind of intrusion like that.
Thanks for that, and I respect that data is treated with complete secrecy. I've not used this address or posted it anywhere else. It's used solely to login with, so I'm still a bit confused. I'll leave it for now, as it's only one example.
Regards.
Hi,
I'm in the exact same case, I use per-site email on my domain, no dictionary attacks either (I have a catchall so I see them) and the same mail received
Same mail same kind of sender:
Thu, 16 Aug 2012 08:22:23 +0200 (CEST)
Received: from WWW-9763E06E580.org (unknown [110.103.67.40])
I can assure that this email is not used in any screen-shot or anything else than logging here.
This is quite annoying and since I don't use the same header as the other one (me it's [email protected]) it really seems that the mails data are compromised.
Regards,
Tolriq.
As above, exactly the same spam email, although the email address I used to sign up here is more complex than just [email protected]
I'll keep the email around, in case anyone wants to follow up on it.
Could this perhaps be the result of the new theme showing user email addresses on member pages (Eg. somewhere on http://forum.xda-developers.com/member.php?u=3492510)? Even if it's corrected now, if it did at any point, spammers may have scraped the member list during that time.
I've also just gotten an email directed at my one-time use address used for registering at XDA. Something's up; check your logs, you've been compromised. I highly recommend a notice and forced password reset.
Return-path: <[email protected]>
Envelope-to: xda@MYDOMAIN.COM
Received: from [110.103.66.127] (port=57501 helo=WWW-9763E06E580.org)
by [REDACTED] with esmtp (Exim 4.63)
(envelope-from <[email protected]>)
id 1T6h7P-000354-NH
for xda@MYDOMAIN.COM; Wed, 29 Aug 2012 08:11:36 -0400
From: "Diablo III" <[email protected]>
To: <xda@MYDOMAIN.COM>
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Spam-Level: *****
X-Spam-Report: score=5.0 tests=CMAE_1, SHORTCIRCUIT version=3.3.1 cmae=v=1.1
cv=02sxpKrcaeIklPG9ikjtw9+Ix2dV+yAR3ckHHBRjlIA= c=0 sm=0 p=eKWGPzfAF9w9RlBXnosA:9
a=rfP7uN3eH0UA:10 a=SpdMY5nFWogA:10 a=IkcTkHD0fZMA:10 a=L-ISu7bKYZgA:10
a=jWLQlvoj7db9vSsTWhEWiQ==:17 a=blzCNhbTAAAA:8 a=3J15CkO5AAAA:8
a=xrJga5KMAAAA:8 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
X-Spam-Score: 5
Subject: [EN]Diablo III Account Locked - Action Required
I'll add a +1 to this (got phish with subject "[EN]Diablo III Account Locked - Action Required" trying to get me to visit a url on host us.diablo.net.zh-fot.in). The unique address I used to register here in early 2008, while not super cryptic, is not as simple as [email protected] and likely would not be the left-hand part of anyone else's email addr, so likely would not have been derived from the phisher mixing-and-matching from different lists. It appears that they've successfully harvested xda member email addresses.
I can confirm that I've just got the phishing e-mail mentioned by other users here, on an e-mail account created and given exclusively to xda forum.
Code:
Received: from WWW-9763E06E580.org (unknown [110.103.67.201])
From: "Diablo III" <[email protected]>
To: <sax_xda-developers@xxxxxxxxxx.xxx>
Subject: [EN]Diablo III Account Locked - Action Required
Now I am in the process of making the current e-mail invalid and creating a new unique one.
We will see how it goes...
I can confirm this. I use [email protected] and haven't had any unusual mail to any other address on my domain.
SMTP From: [email protected]
---
Message-ID: <[email protected]>
From: "Diablo III" <[email protected]>
To: <[email protected][Redacted]>
Subject: [EN]Diablo III Account Locked - Action Required
Date: Wed, 29 Aug 2012 17:00:34 +0800
MIME-Version: 1.0
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
[Base64 Message Body Redacted]
+1 for me
Mail address used here is site specific, never used for anything else, cannot be dictionary generated.
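The header reading done in this thread and in the earlier virus-mail thread ("look carefully at the header and see where it's really coming from"), combined into one added example that is not from any poster: it takes the first `Received:` hop that names a remote peer in the three layouts quoted on this page, checks whether the HELO name belongs to the `From:` domain, flags mail sent to a per-site alias by an unrelated sender, and clusters reports by relay network. The relay IPs and HELO names are the ones quoted in the threads; the mailbox addresses, the game-vendor domain and the alias table are constructed.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

IP = r"(?P<ip>[0-9A-Fa-f.:]+)"
RECEIVED_PATTERNS = [
    # Postfix:     from HELO (rdns [ip])
    re.compile(r"from\s+(?P<helo>[^\s\[(]+)\s+\(\S+\s+\[" + IP + r"\]\)"),
    # Exim:        from [ip] (port=N helo=HELO)
    re.compile(r"from\s+\[" + IP + r"\]\s+\([^)]*\bhelo=(?P<helo>[^\s)]+)"),
    # qmail-style: from rdns (HELO name) [ip]
    re.compile(r"from\s+\S+\s+\(HELO\s+(?P<helo>[^\s)]+)\)\s+\[" + IP + r"\]"),
]


def parse_received(value):
    """Return {'helo', 'ip'} for a Received value, or None if no peer is named."""
    flat = " ".join(value.split())          # unfold continuation lines
    for pattern in RECEIVED_PATTERNS:
        m = pattern.match(flat)
        if m:
            return {"helo": m.group("helo"), "ip": m.group("ip")}
    return None


def same_org(host, domain):
    host, domain = (host or "").lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def analyze(raw, alias_sites):
    """Summarise one message. Only the hop written by your own MX is reliable;
    the HELO name is sender-supplied and anything below that hop can be forged."""
    msg = email.message_from_string(raw)
    hops = (parse_received(v) for v in msg.get_all("Received", []))
    hop = next((h for h in hops if h), None) or {"helo": None, "ip": None}
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    alias = parseaddr(msg.get("To", ""))[1].partition("@")[0].lower()
    site = alias_sites.get(alias)           # site this alias was given to
    return {
        "relay_ip": hop["ip"],
        "helo": hop["helo"],
        "from_domain": from_domain,
        "alias": alias,
        "helo_matches_from": same_org(hop["helo"], from_domain),
        "canary_leaked": site is not None and not same_org(from_domain, site),
    }


def cluster(reports):
    """Group reports by (relay /16 network, HELO name without its last label)."""
    groups = {}
    for r in reports:
        if r["relay_ip"] is None:
            continue
        net = ipaddress.ip_network(r["relay_ip"] + "/16", strict=False)
        stem = r["helo"].rsplit(".", 1)[0].lower()
        groups.setdefault((str(net), stem), []).append(r["alias"])
    return groups


def sample(received, sender, rcpt):
    head = "".join(f"Received: {r}\n" for r in received)
    return (f"{head}From: {sender}\nTo: {rcpt}\n"
            "Subject: constructed sample\n\n(body omitted)\n")


# Hypothetical alias table: local part -> site it was registered with.
ALIAS_SITES = {a: "xda-developers.com"
               for a in ("xda", "xdadevelopers", "sax_xda-developers")}

# Constructed messages built around the Received lines quoted in the threads.
SAMPLES = [
    sample(["(qmail invoked by alias); 02 Feb 2006 19:51:54 -0000",
            "from 84-235-63-127.saudi.net.sa (HELO user-a152f4b1dd) "
            "[84.235.63.127]\n\tby mx0.gmx.net (mx024) with SMTP; "
            "02 Feb 2006 20:51:54 +0100"],
           '"xda" <someone@xda-developers.com>', "<reader@mailbox.example>"),
    sample(["from WWW-9763E06E580.net (unknown [110.103.67.128])"],
           '"Diablo III" <noreply@game-vendor.example>',
           "<xdadevelopers@mydomain.example>"),
    sample(["from [110.103.66.127] (port=57501 helo=WWW-9763E06E580.org)\n"
            "\tby mx.recipient.example with esmtp (Exim 4.63)"],
           '"Diablo III" <noreply@game-vendor.example>',
           "<xda@mydomain.example>"),
    sample(["from WWW-9763E06E580.org (unknown [110.103.67.201])"],
           '"Diablo III" <noreply@game-vendor.example>',
           "<sax_xda-developers@mydomain.example>"),
]

if __name__ == "__main__":
    reports = [analyze(s, ALIAS_SITES) for s in SAMPLES]
    for r in reports:
        print(r)
    print(cluster(reports))
```

Several unrelated site-specific aliases hit from one relay network with one HELO stem is the pattern the posters here are describing; it points at harvested addresses rather than guessing.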
We have received several reports from users receiving spam and/or phishing emails to email accounts which were unique to their profile on our community. We feel that there are enough of these to indicate that at some point in the past there was some sort of information disclosure which exposed these email accounts. We are not aware of any particular information disclosure or what exact information may have been exposed.
That being said, we take our community members' information security seriously and continuously review our code and configurations for security vulnerabilities. We do, however, run 3rd party forum software and plugins which occasionally have public security vulnerabilities. We apply all patches as soon as they are available to ensure the security of our data and therefore of our community. Even so, there is always the chance that someone is using an unpublished security vulnerability to try to attack our forum and gain personal information.
Our forum, as with many others running similar software, is a target for hackers attempting to harvest personal data (email addresses, passwords, etc). We highly recommend that you use a unique password for each website you are signed up with, and change that password on a regular basis. For services that support two-factor authentication, enable this option for even more security and peace of mind.
If anyone has information relating to any sort of information disclosure or compromise, we encourage them to report them to the technical contact at http://www.xda-developers.com/contact/#technical
Thank you and as always, questions and comments are welcome.
I posted in the other thread about this but figured I'd chime in here as well. I also use my own [email protected] address just for this site. I've never posted the address publicly and I always make up new passwords for each site. Those are at minimum 8 random characters/numbers/symbols.
In the other thread it was proposed that an admin/moderator's system may have been compromised and a screen scraper had seen our emails. I find this pretty unlikely since my last post before the ones about this was in March. Are you sure all the moderators/admins can be trusted not to have sold our information themselves?
I think enough people have reported this problem that you should acknowledge it on the homepage and ask if people receiving these emails can post back so you can get a real idea of how many people's accounts have been compromised.
Until you have found the source of the leak what is the point of changing our emails/passwords, they could just pull the new info again, besides, it's a PIA to keep changing my email address. Is anything being done about this or are you just waiting for some good willed hacker to email you at the address you posted?
Tann San,
I have a zero-tolerance policy about spam and getting the information I trust to a site, leaked all over the place,
but the only reason I've posted about it, is to confirm that indeed happened, after seeing bitpushr's post,
so the sysadmin(s) can look into it.
Having said that, please keep in mind that even if they find out what caused the leak this time and patch it,
that doesn't mean that it won't happen again in the future. So the least we (the members) can do
is to follow svetius' advice and keep different passwords for each service we subscribe to and different e-mail accounts
whenever possible, although most of the disposable e-mail services are sadly banned on this site -- obviously to fight spam accounts.
I hope that this can answer your question about why to change email/passwords this time (and every time after that).
I understand your frustration, it is indeed PITA, but one can hope that whatever backdoor was open to our data, it is closed for now...
You misunderstood me, I do use different email addresses for all my logins, that's the benefit of having my own email server. I also use different random passwords for each account. What I meant was that it's annoying to change my email address here more than once since the leak hasn't been identified. For example, I can change it right now to another one but then whoever got our addresses already could go back and get my new email address, so then I have to change it again.
I don't really use my account here very often but I do read the RSS feeds/articles every day. I'm just saying that it seems a bit irresponsible to not let people know that their email accounts and who knows what other information has been stolen. That is also part of the reason I asked what was being done about this besides waiting for whoever it was to tell them how they did it.
Unfortunately "hoping" that the leak has been sealed is not a solution.
I wrote the screen scraper suggestion, and that's a pretty unlikely scenario since those are usually used against high value targets for banking info/logins. Most harvesters use the outlook address book or mine the browser cache of victim machines. The most likely explanation is that this was a sql injection attack on the forum software and probably took place "many moons" ago.
Ditto
Not sure if you want more confirmation, but I too have received Diablo III related phishing messages - to an address specific to this board.
My best bet is that someone sold a list of email addresses on...
Not a big issue for me as I'll just change my email address if the messages get too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related phishing messages - to an address specific to this board.
My best bet is that someone sold a list of email addresses on...
Not a big issue for me as I'll just change my email address if the messages get too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
XDA will never, ever ever ever sell e-mail addresses!
Sent from my MB525 using xda app-developers app
Rinkink said:
Not sure if you want more confirmation, but I too have received Diablo III related phishing messages - to an address specific to this board.
My best bet is that someone sold a list of email addresses on...
Not a big issue for me as I'll just change my email address if the messages get too much. Going to change my password just in case, but I haven't noticed anything strange.
Good luck!
We have looked for any suspicious activity carried out by authorised users, and have found nothing so far.
I'm currently working backwards through years of vBulletin emails to see if there's anything from the past that could be an issue.
Your actual password isn't stored on, or transmitted to, XDA. It's stored in a hashed and salted form, which is more than can be said for many high profile sites unfortunately that were in the news recently...
Still, we'll not be happy until we can work out what's happened, no matter how long ago or recently it may have been.

[Q] Has the member list been hacked?

I guess "Off topic" is the right place for this.
Just got two emails from some unknown sender with the following message;
Greetings"
I hope this message meets you in good state of health? My name is [ Mrs Monalisa Cebile Nelson ], I'm young and adventurous woman, searching for a dependable and positive minded person. Actually I found your e-mail address from [ http://forum.xda-developers.com ] and specifically contact you for assistance in foreign partnership based on agreement for mutual benefit, also will very much acknowledge your immediate response please. I hope we can have a positive correspondence and also we can work collectively? Anyway I will intimate you more on that as soon as we get in contact. Please if you are interested do not hesitate to get back to me via [ [email protected] ] for more details and my pictures. Best regards with expectation to hear from you soon.
Mrs Lisa Nelson...
Any idea on this?
SKJoy2001 said:
I guess "Off topic" is the right place for this.
Just got two emails from some unknown sender with the following message;
Greetings"
I hope this message meets you in good state of health? My name is [ Mrs Monalisa Cebile Nelson ], I'm young and adventurous woman, searching for a dependable and positive minded person. Actually I found your e-mail address from [ http://forum.xda-developers.com ] and specifically contact you for assistance in foreign partnership based on agreement for mutual benefit, also will very much acknowledge your immediate response please. I hope we can have a positive correspondence and also we can work collectively? Anyway I will intimate you more on that as soon as we get in contact. Please if you are interested do not hesitate to get back to me via [ [email protected] ] for more details and my pictures. Best regards with expectation to hear from you soon.
Mrs Lisa Nelson...
Any idea on this?
The site isn't compromised - you've configured your profile to show this information publicly.
Your account settings are making a lot of contact information available - check out your profile page at http://forum.xda-developers.com/member.php?u=2123239 and go to contact info - there's a few email addresses showing up there. Your yahoo and own-domain emails are both appearing there - you may wish to not publicise such information on the site.
pulser_g2 said:
The site isn't compromised - you've configured your profile to show this information publicly.
Your account settings are making a lot of contact information available - check out your profile page at http://forum.xda-developers.com/member.php?u=2123239 and go to contact info - there's a few email addresses showing up there. Your yahoo and own-domain emails are both appearing there - you may wish to not publicise such information on the site.
It is good to learn that nothing bad had happened. I knew my email address is exposed, but it was a little strange someone might care to copy it from here and include in a mailing list in a random basis and it would take a lot of hard work to check and copy for all members here! Feeling special lol
SKJoy2001 said:
It is good to learn that nothing bad had happened. I knew my email address is exposed, but it was a little strange someone might care to copy it from here and include in a mailing list in a random basis and it would take a lot of hard work to check and copy for all members here! Feeling special lol
It will be a crawler - like search engines crawl pages for search terms, some crawlers trawl the entire internet for email addresses to spam. Unfortunate that it happens, but so is the internet these days... That's just ordinary spam, nothing more, nothing less.
