[Wolves] Spam ... my fail

Mike Hingley computa_mike at hotmail.com
Wed Jul 7 07:04:10 UTC 2010

The reason why I was suggesting that is that I used the Kiosk PC at lunch time, but the spam mails were sent out at 20:15 (ish).  I only use my laptops (1 windows Vista, 1 UNR 10.04) and as far as I can see nothing has changed there...  There has been virus issues previously so i thought it was most likely that themachine would have been compromised with some form of key logging thing.

I've asked them to take a look at it this morning anyway...

> Date: Wed, 7 Jul 2010 07:51:08 +0100
> From: mark at quarella.co.uk
> To: wolves at mailman.lug.org.uk
> Subject: Re: [Wolves] Spam ... my fail
>   On 07/07/10 00:23, Mike Hingley wrote:
> > when I used what I assumed to be safe Kiosk windows PC at work to check my email
> Obviously it's easy to point the finger at the "safe" Windows PC (which 
> browser, out of curiosity?)
> In my experience these problems are usually XSS (cross-site scripting) 
> attacks, which as I understand them basically work like this: you log into 
> webmail, receive an email with a link to somewhere, which you click on to open 
> that website, which contains malicious code (usually because it has been 
> hacked). So you have an active login to your mail, and you're visiting a site 
> which downloads code to your browser (eg Javascript) which runs and makes 
> calls to the webmail application on the server (eg Hotmail) to force it to 
> send links to said webpage to all your friends. This relies on vulnerabilities 
> in either the browser or the website (both?) and is particularly hard to beat 
> because by definition it happens when you have an active connection open to 
> your email thus potentially bypassing the login. The same could happen if you 
> have an open login to your bank, for example, but this is much easier to 
> defeat in principle (you're unlikely to be following links to malicious code 
> from the bank, so the browser just needs to keep the sessions separate) but 
> does illustrate why logging out of any accounts (bank, email, etc) when you've 
> finished with them is important, rather than just closing the tab. Of-course 
> it is hard to log out of your email before clicking on a link within it, which 
> is what makes this particular problem so hard to defeat. My guess is that if 
> you were to copy the link and paste it into a new tab then it might get a new 
> session which might make XSS attacks harder, but I'm not an expert in these 
> things. The browser *should* create an independent session when you open a 
> link to a different site, but presumably not all browsers do, or if they do 
> they don't keep different sessions completely separate. My guess would be that 
> browsers like Chrome that run each tab as a separate process probably do 
> better in this regard.
> -- 
> Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
> Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
> _______________________________________________
> Wolves LUG mailing list
> Homepage: http://www.wolveslug.org.uk/
> Mailing list: Wolves at mailman.lug.org.uk
> Mailing list home: https://mailman.lug.org.uk/mailman/listinfo/wolves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/wolves/attachments/20100707/3d34b4a3/attachment.htm>

More information about the Wolves mailing list