This week in computer security

I think you are trying to express that the case of the theft being done by someone who works at the organization but perhaps I am mistaken as your statement is a bit ambiguous.

Originally Posted by SirJames
Especially if they stole it themselves.

https://wccftech.com/facebook-admits…s-tech-giants/

No Stopping Facebook… Company Admits Sharing Your Private Messages With Other Tech Giants

And even after this, people won't delete it.

--------------------------------------

Next spring, windows 10 pro and enterprise get a builtin sandbox. Finally!
1. No more neighbor's calls over malware installed from porn sites
2. You don't have to renew yearly subscription for sandboxie any more

Well, assuming it'll work as intended which is kinda not expected from Microsoft.
Details:
https://techcommunity.microsoft.com/…ox/ba-p/301849

No, I don't know if this new feature will help cheaters in browser games to efficiently run multiaccounts.

It is normally home folks who visit porn site and they typically don't have enterprise or pro…. so from your post the folks who need it don't get it….

Originally Posted by joxer
[url]
Next spring, windows 10 pro and enterprise get a builtin sandbox. Finally!
1. No more neighbor's calls over malware installed from porn sites
2. You don't have to renew yearly subscription for sandboxie any more

https://www.bloomberg.com/news/artic…sapp-transfers

Facebook Is Developing a Cryptocurrency for WhatsApp Transfers, Sources Say

If you're reading this. Please. When it goes live. Do not. Touch it.

"When best practises are not good enough" - 2-factor-security efficiently hacked - article by Amnesty international :
https://www.amnesty.org/en/latest/re…t-good-enough/

WARNING !

Someone currently uses my e-mail adress which has the name Alrik.Fassbauer to distribute Trojans !!!

They seem to be located on google drive :
https://557.drive.google.com
https://31697.drive.google.com

From the way the copy of the two e-mails I got are worded I see someone who knows that adress is infected with Emotet or something similar !

You sure it's not just a mask while the sender is someone else?
Perhaps your password was hacked. Change the current e-mail password or simply abandom that e-mail address and move to another.
Google drive… You can't do anything about that unless providing a proof to google it contains malware or copyright infrigment materials. Aka if there is a DMCA notice possibility you can (ab)use like removing stolen private porn vid from vimeo, do it.

My guess is that someone took the adress from here during that security breach, because i hadly use it elsewhere.

The contents of the copies sound as if there had been some social engineering going on.

That google drive link was much longer. I shortened here so that no-one could download something from there.

Usually if you used an e-mail for registration on mmos and used the same password on those mmos, it's gonna leak sooner or later.
Same goes to social networks, if your e-mail address and social network have the same password, you're screwed.

Because this happens frequently, I've always suggested using some dummy e-mail address for registration mmos require from trash e-mail services like hotmail.com. Eventually it'll be compromised, but you won't care as that e-mail address is not your "real" one. Social networks just avoid.

I don't believe anyone "stole" both the address and password from here, IIRC some of that data is crypted. Although to be fair, the password I use to log in here is unique and I don't use it anywhere else.

Yes, but thinks usually leak only if you use it elsewhere, too. I mean, if I use the same adress only for 1 purpose, it's not 100 % save, but still safer as if I was using it for 100 purposes.

And this particular one is one of those adresses. There has been only a *very* small number of occations I had been using it - 5 or so - - and registration here has been one of them.

So I'm relatively sure it must have been taken from that security breach we had here.

And, besides, I've never been on social networks anyway. Only in forums, ever.

Was useful to read, thanks. Our company started using monitoring software [here] to prevent data flowing outside of company’s network. Software monitoring allows employers to observe and track computer use and prevent information theft by employees. Nowadays it's the only way to track websites visited and protect our data from online snoopers.

Spam. I recommend to ignore.

Originally Posted by Ripper
Spam. I recommend to ignore.

Did you report it? They do have 54 posts.

---

https://www.businessinsider.fr/us/ne…et-2019-2?op=1

Lots of reports coming out that Google neglected to tell anyone that their Nest Secure device has a microphone.

"[It] should have been listed in the tech specs. That was an error on our part," a company spokesperson told Business Insider.

Yeah, they post a few short random comments, and then every so often slip in one of these, hawking all sorts of crap.

Originally Posted by Alrik Fassbauer
Yes, but thinks usually leak only if you use it elsewhere, too. I mean, if I use the same adress only for 1 purpose, it's not 100 % save, but still safer as if I was using it for 100 purposes.

And this particular one is one of those adresses. There has been only a *very* small number of occations I had been using it - 5 or so - - and registration here has been one of them.

So I'm relatively sure it must have been taken from that security breach we had here.

And, besides, I've never been on social networks anyway. Only in forums, ever.

As I mentioned in the other thread, anyone can send an email using any email address as the sender. It is called email address spoofing. This cannot be prevented by itself, but If the receiving mailserver and the spoofed mail server both have DMARC setup correctly using DKIM keys, it can be flagged correctly as spam. This is not something you as a user can do though, only your email provider can do that.
I really doubt your email account has been hacked though, certainly not because of any security breach here on RPGWatch.

Originally Posted by Ripper
Spam. I recommend to ignore.

Originally Posted by Lucky Day
Did you report it? They do have 54 posts.

Originally Posted by Ripper
Yeah, they post a few short random comments, and then every so often slip in one of these, hawking all sorts of crap.

Banned now. When did you report it, Ripper?
I checked eva89’s other postings, many of them (not all) containing spam! Yuck! That person has been active since april 2017, at a time the first seven postings were not monitored.

Edit.
Removed all postings from that darn spammer.

But this is trivial to spot if you check the full headers. Have you (er Not Myrthos but the victim(s)) checked the full headers to see where the email originated from- Here is a small example:

X-Original-To: my_email_removed
Delivered-To: my_email_removed
Received: from qmta09.emeryville.ca.mail.comcast.net (qmta09.emeryville.ca.mail.comcast.net [76.96.30.96])
^ anything after this line other than destination email could be faked
by my_email_machine_removed (Postfix) with ESMTP id 7A6ED82355
for <my_email_removed>; Sat, 7 Jun 2014 11:18:46 -0700 (PDT)
Received: from imta18.emeryville.ca.mail.comcast.net ([76.96.30.94])
by qmta09.emeryville.ca.mail.comcast.net with comcast
id BWJU1o00321qQjwA9WJmh9; Sat, 07 Jun 2014 18:18:46 +0000
Received: from sdkvoairsrfds.lilaceousgnu.info ([IPv6:2001:1608:10:25::8d13:cead])
by imta18.emeryville.ca.mail.comcast.net with comcast
id BWJP1o01A2VcWiH0JWJj6b; Sat, 07 Jun 2014 18:18:46 +0000
Received: by sdkvoairsrfds.lilaceousgnu.info id hidboc17rvob; Sat, 7 Jun 2014 21:17:58 +0300 (envelope-from <46423026572455.67492237099582633661@0437249.sdjao ijg.lilaceousgnu.info>)
Message-ID: <47522546.035304@sdjaoijg.lilaceousgnu.info>
Date: Sat, 07 Jun 2017 18:17:58 +0000
From: "Comprehend Foreign Language" <Notification@sdjaoijg.lilaceousgnu.info>
^ This is the 'fake' email address' that you see with your email program

Originally Posted by Myrthos
As I mentioned in the other thread, anyone can send an email using any email address as the sender. It is called email address spoofing. This cannot be prevented by itself, but If the receiving mailserver and the spoofed mail server both have DMARC setup correctly using DKIM keys, it can be flagged correctly as spam. This is not something you as a user can do though, only your email provider can do that.
I really doubt your email account has been hacked though, certainly not because of any security breach here on RPGWatch.

Originally Posted by Eye
Banned now. When did you report it, Ripper?
I checked eva89’s other postings, many of them (not all) containing spam! Yuck! That person has been active since april 2017, at a time the first seven postings were not monitored.

Edit.
Removed all postings from that darn spammer.

I thought I reported that one before, and I thought maybe there was just disagreement because of the number of innocuous posts. Perhaps I didn't, though. Anyhow, gone now - thanks for your efforts.

When reading your posting above, I initially thought we had discussed this eva too, so I checked to see when this was, but in my inbox and sent box a different name was mentioned. But maybe I have overlooked one message?

Anyway, I appreciate your and anyones reports. As you can see for yourselves, sometimes the staff does not notice the spam, not even in two years time.
Myrthos overlooked evas spam despite responding in this thread (being focussed on answering Alriks question), so overlooking stuff happens to the best of us.

Though the system has changed by now, some are still smart enough to slip through the first monitoring. Let’s hope this is a one time exception, it took me some time to take the necessary steps.

Originally Posted by you
But this is trivial to spot if you check the full headers. Have you (er Not Myrthos but the victim(s)) checked the full headers to see where the email originated from- Here is a small example:

Nice, you have an email header with smilies

Well the ultimate problem is that software used for rpgwatch's forum can't understand when smiles are not appropriate…..

Originally Posted by Myrthos
Nice, you have an email header with smilies