blonde poker forum

If you get (or more accurately, got at about 4:30pm today) an email from me with a random link in it, don't click on it.

I updated my phone OS today, and reinstalled a lot of the apps - some of them use my Google account to log-in (this is mean to be secure).  Soon after, a few people told me that a dodgy-looking email had been sent from my account.

First thing I did was change my password immediately - so hopefully it won't happen again.  But now I'm checking and double-checking everything to make sure it doesn't happen again. 

So apologies for the email.

Would that of happened with an IPhone?
:)

100% yes - and im an iphone lover

Was waiting for that!  Probably far less likely, but I'm not 100% sure where the 'security breach' happened yet - and that's the worrying thing.

I don't suppose you will either unless you're going to disassmble all the apps.

disassmble is my new favourite word

lol

Phone sounds like a bit of a red herring to me - unless you've downloaded new apps or attained them from a compromised source - surely if they were malicious your account would have been taken a while ago.

You could well be right, it might just be a coincidence - unless of course the app (or the app's server) has been compromised since I originally installed the app - and the new update is infected?

I'm checking my PCs as well, but nothing's changed on them (nothing installed, no security changes, etc.) for quite a while - so strange why it should happen this afternoon. 

Happened to me recently too :/ And I have a ridic password :s

I saw the email from you on my HTC. Didn't open the link as I thought is was did. However, wish I could say the same for Darren on the laptop at home.

Suppose one way would be to do a 'Groundhog Day' - and take my phone back to how it was at the start of the day, and then reinstall the apps one-by-one (that use the Google account log-in) and see if I get hacked again.  Not going to do that though, but since I've changed my password I'm not letting anything use the google log-in to authenticate me from now on.

Thought gmail was the nuts?

email received and deleted

thanks.

ffs boshi

I got it but didn't open it cos I was on my phone. I decided to wait until I got home and open it on the lappy.

Read this thread just in time.

http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284

Not heard about this before, will be using it from now on.

didn't get the email :(

Neither did I.  He's off the Christmas card list now.

Yep, I had a nice card for him, with baby Jebus on it too. His loss.

i got it to two different email addresses.  he must really like me ::)

Got this set up now, so if I understand it correctly my account shouldn't be compromisable (is that a word?) in the same way.  Basically, even if someone gets hold of my gmail password, they can't actually log in to my account without the additional verification. For apps and stuff on my phone, I use a different password that is restricted to just that app/protocol, so if that's compromised they can't use that password to access my gmail.

Sounds good in theory.

Vinny and Dawn, I can send you an email if you want. In fact, Claire has a spare.

Actually, a lot of emails were blocked by spam filters, and gmail accounts got a big warning above the email it appears. So if you didn't get one it might mean your email provider is on the ball.

Sigh, got it and clicked on it...then thought "How does Boshi know I need pills?"

then read this.

I'm very nervous about clicking any links Dan post up now.    ;)

How do we know this one is safe, and he's not just trying to get at those of us that didn't click the link on the email he sent out ?


 ;D

:D

Wish I'd known about that 2-step verification thing before I was hacked and those emails went out.  By the way, was yours a viagra one - boldies was, so they seemed to be very targeted...

Great, first Viagra pills from Boshi and now loads of email from Shane Warne.

FML.

Interesting read for anyone who uses gmail but isn't using the two-step authentication:

http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/1/?single_page=true

(long, but worth reading)

WTF?!  You've read it.  You know it's long.  Why are you giving us a link without cliffs FFS?  Someone ban him.  He's useless!

Probably not tbh

Yes. Cliffs please if possible.

Your data aren't as safe you think they are.
Your passwords aren't secure at all really.

1. Lot's of online accounts get hacked every day
2. It's usually either down to easily guessable passwords or you using the same password on a different site with poor security
3. 2 step verification for gmail, using different passwords for different sites and not using obvious passwords are steps you can take
4. Some people don't realise that if you use your PC like a dumb terminal and the internet like a mainframe and store stuff on it - you might get stuffed at some point.

Is a slightly more expansive version

Is the conclusion: use a better password?

Conflict: you need a hard to remember password, and a different one for different sites; but there are many sites, you cannot remember them all. So you go for different ones that are easy to remember (and possible to guess/ 'brute force hack'), or one difficult one and use it on all of the sites. Double epic fail.

Solution: use different passwords for different sites, but write them all down (eg on your phone). Omit to write down a common four digit string that goes on the end of all passwords.

Or in comic form:

(http://imgs.xkcd.com/comics/password_reuse.png)

(http://imgs.xkcd.com/comics/password_strength.png)

If you trust comics...

The text you a code so you can login thing lots of sites are adding now seems a good idea.

I like this lots, I use it for paypal. Just takes 10 secs, but undefeatabable by those snooping with trojans.

Thinking of getting a mouse with fingerprint scanner now, presumably all the password matches are encrypted...

Nope, because that won't protect you from a keylogger or password sniffer from a trojan, etc.

Using a token in addition to a strong password is the recommendation (where possible), and don't use the same password on more than one sensitive site.

As has been said, the additional layer of verification for gmail and paypal makes things a lot safer.