<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
The reason why I was suggesting that is that I used the Kiosk PC at lunch time, but the spam mails were sent out at 20:15 (ish). I only use my laptops (1 Windows Vista, 1 UNR 10.04) and as far as I can see nothing has changed there... There have been virus issues previously, so I thought it was most likely that the machine would have been compromised with some form of key logging thing.<br><br>
I've asked them to take a look at it this morning anyway...<br><br><br>
&gt; Date: Wed, 7 Jul 2010 07:51:08 +0100<br>
&gt; From: mark@quarella.co.uk<br>
&gt; To: wolves@mailman.lug.org.uk<br>
&gt; Subject: Re: [Wolves] Spam ... my fail<br>
&gt; <br>
&gt; On 07/07/10 00:23, Mike Hingley wrote:<br>
&gt; &gt; when I used what I assumed to be safe Kiosk windows PC at work to check my email<br>
&gt; <br>
&gt; Obviously it's easy to point the finger at the "safe" Windows PC (which <br>
&gt; browser, out of curiosity?)<br>
&gt; <br>
&gt; In my experience these problems are usually XSS (cross-site scripting) <br>
&gt; attacks, which as I understand them basically work like this: you log into <br>
&gt; webmail, receive an email with a link to somewhere, which you click on to open <br>
&gt; that website, which contains malicious code (usually because it has been <br>
&gt; hacked). So you have an active login to your mail, and you're visiting a site <br>
&gt; which downloads code to your browser (eg Javascript) which runs and makes <br>
&gt; calls to the webmail application on the server (eg Hotmail) to force it to <br>
&gt; send links to said webpage to all your friends. This relies on vulnerabilities <br>
&gt; in either the browser or the website (both?) and is particularly hard to beat <br>
&gt; because by definition it happens when you have an active connection open to <br>
&gt; your email thus potentially bypassing the login. The same could happen if you <br>
&gt; have an open login to your bank, for example, but this is much easier to <br>
&gt; defeat in principle (you're unlikely to be following links to malicious code <br>
&gt; from the bank, so the browser just needs to keep the sessions separate) but <br>
&gt; does illustrate why logging out of any accounts (bank, email, etc) when you've <br>
&gt; finished with them is important, rather than just closing the tab. Of course <br>
&gt; it is hard to log out of your email before clicking on a link within it, which <br>
&gt; is what makes this particular problem so hard to defeat. My guess is that if <br>
&gt; you were to copy the link and paste it into a new tab then it might get a new <br>
&gt; session which might make XSS attacks harder, but I'm not an expert in these <br>
&gt; things. The browser *should* create an independent session when you open a <br>
&gt; link to a different site, but presumably not all browsers do, or if they do <br>
&gt; they don't keep different sessions completely separate. My guess would be that <br>
&gt; browsers like Chrome that run each tab as a separate process probably do <br>
&gt; better in this regard.<br>
&gt; <br>
&gt; -- <br>
&gt; Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450<br>
&gt; Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG<br>
&gt; <br>
&gt; <br>
&gt; _______________________________________________<br>
&gt; Wolves LUG mailing list<br>
&gt; Homepage: http://www.wolveslug.org.uk/<br>
&gt; Mailing list: Wolves@mailman.lug.org.uk<br>
&gt; Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves<br>
</body>
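The mechanism Mark describes (a page in one tab issuing requests against the webmail session still open in another) is what is generally called cross-site request forgery; the example below is added to this archive page and is not code from the thread or from any webmail provider. It models the scenario in Python with a constructed webmail service, a constructed "hacked" site and a simplified browser cookie rule, and shows the two defences that break it: a per-session token the hacked page cannot know, and a SameSite session cookie the browser withholds from cross-site requests.

```python
# Added example, not code from the thread: a toy model of the webmail "session
# riding" Mark describes and the server/browser checks that defeat it. The webmail
# service, its send handler, the hacked site and the cookie rule are all constructed.
import secrets
from dataclasses import dataclass, field

MAIL_SITE = "https://mail.example"   # assumed name for the webmail origin

@dataclass
class Webmail:
    sessions: dict = field(default_factory=dict)   # sid -> {"user", "csrf"}
    outbox: list = field(default_factory=list)

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_hex(16)}
        return sid

    def send_weak(self, req):
        # Only the session cookie decides who is sending, so any page the
        # logged-in browser visits can trigger a send on the victim's behalf.
        sess = self.sessions.get(req["cookies"].get("sid"))
        if sess is None:
            return 401
        self.outbox.append((sess["user"], req["form"]["to"]))
        return 200

    def send_hardened(self, req):
        # Also require the per-session CSRF token (never disclosed to the hacked
        # site) and a same-site Origin header before accepting the send.
        sess = self.sessions.get(req["cookies"].get("sid"))
        if sess is None:
            return 401
        if req["origin"] != MAIL_SITE or req["form"].get("csrf") != sess["csrf"]:
            return 403
        self.outbox.append((sess["user"], req["form"]["to"]))
        return 200

def browser_request(origin, sid, samesite, form):
    # Browser rule: a SameSite session cookie is withheld from cross-site POSTs.
    cookies = {} if (samesite and origin != MAIL_SITE) else {"sid": sid}
    return {"origin": origin, "cookies": cookies, "form": form}

def demo():
    mail, evil = Webmail(), "https://hacked-page.example"   # constructed attacker site
    sid, spam = mail.login("victim"), {"to": "everyone@example"}
    weak = mail.send_weak(browser_request(evil, sid, False, spam))        # 200: spam sent
    token = mail.send_hardened(browser_request(evil, sid, False, spam))   # 403: no token
    cookie = mail.send_weak(browser_request(evil, sid, True, spam))       # 401: no cookie
    return weak, token, cookie, len(mail.outbox)
```

Note that neither defence depends on the user logging out first: the token check rejects the cross-site send while the session is still live, and the SameSite cookie means the hacked page's request arrives with no session at all.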
</html>