Last week my Yahoo account was hacked and 5000 or so of my closest friends got infected emails from me. Yikes. How did this happen? Beats me. Somehow I had downloaded something nasty myself.
My Yahoo account has been around since several CEOs ago, and it isn’t an account that I do much with. I was surprised by several things that were present in my Yahoo profile though that gave me some pause. For example: my contacts list. I didn’t think that I had many email addresses in my contacts but I saw that I had 5000 entries now. Apparently, sometime ago I had experimented with the bulk import feature and had imported my contact list to this account. Gulp. Well, let’s fix that and I thought I would delete the entries. That produced a mysterious error message. Strike one.
Next, I saw that I actually had the right birthday in my Yahoo profile. Okay, lets change that. Well, you can’t. Or at least not that I could immediately see. Strike two.
Okay, well, at least I could just login and change my account password. That was fine until I realized that I picked a password that I had used on some other accounts. Oops. Strike three.
Alright, enough fooling around. This was crazy. Do I really need a Yahoo email account? Not at all, this isn’t an account that I use for any correspondence. I can create a new one for free anyway that doesn’t have any contacts at all. So let’s just close the darn account. Not so easy. I first had to change my password again and then visit a special page to terminate the account.
Before I did this, I went to the Yahoo Groups page where I run several email mailing lists. One of the lists had my Yahoo ID as the group “owner” which means that I have to assign the group to a new Yahoo ID. So I set up a new Yahoo email address and tried to transfer ownership to this new ID. That wasn’t enough – I still had no Yahoo ID attached to this account. Why? I have no idea. It was a Yahoo.com email address. You would think it would be obvious, but it wasn’t. I used to like Yahoo Groups, but now I was getting ready to just close all of them that I administer, I was so frustrated.
So far my security efforts have been to waste a lot of time signing in and out of Yahoo and trying to understand their systems. There is actually a helpful page of what you have to do if your account has been compromised. (Although it stops short of recommending any specific scanning products to see if your computer has been infected.)
Last week I wasn’t alone: the New York Times ran its own mea culpa article that describes how Chinese hackers targeted several reporters’ email addresses after it ran some critical articles last fall. I found the article interesting in that it specifically mentioned that the Times uses Symantec anti-virus software to protect its computers, only they weren’t really protected. There are lots more information in the piece about what happened and what it took for the Times to clean up after this exploit.
I have written about this before, how anti-virus has become outmoded, on my Dice Security forum that I manage.
I welcome your suggestions on a simple tool that can help in these situations. I haven’t found any that really work all that well.
Self promotions dep’t
Last week I had several articles posted on the various places that I write for. You might be interested in reading one or more of them.
If you want your telecommuter IT team members to feel like they’re part of the same team that works at the company offices, then take a look at these tips in a piece I wrote for a new Mendix blog.
You can read my report posted this month in Techtarget’s Modern Infrastructure ezine here about why the move to faster Ethernet is and isn’t happening across the land.
I tested one of their midrange devices last month and came away impressed. Overall, Cisco has done a superior job at its next generation of firewall technology. There is a written report and a screencast video.
When I travel, I remember to turn off the file sharing setting on my PC for precisely this reason. It is a simple step, but a critical one. Here is what happened to one of my fellow guests when he left sharing on his computer turned on. This was for Internet Evolution.
In this ebook for Fierce Enterprise Communications, I wrote articles talking about how you want to take the next steps from your voice over IP telephony and does SIP trunking really mean the end of the public switched phone network.
N.B. Looks like I wasn’t alone. This might be the explanation for the Yahoo hack: