Author Topic: Since Google Help was of very little, what do you guys think about this question?

Offline Voixdelion

  • Thread Starter
  • Posts: 338
http://www.google.com/support/forum/p/gmail/thread?fid=663437a34fed13f10004a72afabac9fe&hl=en

Google sent me a "suspicious activity" alert (without explaining what kind of activity that was exactly). I had to check my emails and found one sent item that wasn't from me - but it also apparently got sent TO me as well, and then followed by a "bounced" fail to one other address that I don't know either. My IP history on the gmail is constant for the time it was sent and the message had a different name in the field than the one on my account.

I already reset the password, but what kind of spammer only sends ONE spam mail from a hacked account? I don't know enough about programming to be sure of this at all, but it seems like some kind of internal thing where it spoofs part of the address or something. It just seems to me that if in fact my account were actually compromised and someone was sending mail using my password et al, wouldn't all of the sent items be in my sent folder and wouldn't the name be the same as on the account and wouldn't the IP address have to show a login from somewhere else? It doesn't make sense to me that someone has actually compromised the password, but maybe I just don't get it. Would it be possible to have this occur without that spammer having accessed my password somehow? (And if they do have it - I believe I can thank Sony and their PSN breach for that most likely. F***ers.)

I think it might be something like when I was getting spam apparently from myself at gmail - at that time there were assurances that it was definitely NOT because they had my password but because they were using my own address as the sender to send me spam somehow...

For some reason it's just this kind of really stupid annoyance that makes me want to work on my kung-fu. Apparently I have a gift for programming, but I just never thought to develop it. Revenge is a good motivation tool.
« Last Edit: Sun, 03 July 2011, 23:21:13 by Voixdelion »
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline keyb_gr

  • Posts: 1384
  • Location: Germany
  • Cherrified user
    • My keyboard page (German)
Spammers work a lot with the BCC header, which the recipient does not get. Hence the "getting a message from yourself" phenomenon.

Since you have already reset the password, pretty much the only thing you can still do is scan for malware that may have exploited your account data locally. You never know.

It usually doesn't hurt to have at least some router/firewall (NAT with port filters) between your computer and the interwebs, only enable stuff like Java and Flash whenever needed, and of course have things kept up to date. This strategy has been working pretty well for me in the last decade.

I don't think this kind of stuff would be a good place to get started with programming. Even script kiddies are likely to be years ahead in terms of experience. It's probably better to get started with some programming language, get to know it reasonably well and then poke your nose into some open source project(s) using it, or look into microcontroller projects or somesuch.
Hardware in signatures clutters Google search results. There should be a field in the profile for that (again).

This message was probably typed on a vintage G80-3000 with blues. Double-shots, baby. :D

Offline TacticalCoder

  • Posts: 526
Quote from: Voixdelion;372851
Google sent me a "suspicious activity" alert (without explaining what kind of activity that was exactly)

I wouldn't take any risk: turn on two-form factor authentication for GMail ASAP. They call it "2-step verification" and it's 1000 times more secure than having just a password.

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

Note that you may need to first click on this in your GMail security settings:

Looking for older account options? Visit the previous version of the Google accounts screen

Then you'll be able to turn on 2-step authentication.

Also verify the POP3 settings etc. from your GMail account to make sure someone didn't compromise your account and then sneakily add a way to receive all your emails.
HHKB Pro JP (daily driver) -- HHKB Pro 2 -- Industrial IBM Model M 1395240-- NIB Cherry MX 5000 - IBM Model M 1391412 (Swiss QWERTZ) -- IBM Model M 1391403 (German QWERTZ) * 2 -- IBM Model M Ambra -- Black IBM Model M M13 -- IBM Model M 1391401 -- IBM Model M 139? ? ? *2 -- Dell AT102W -- Ergo (split) SmartBoard (white ALPS apparently)

Offline Voixdelion

  • Thread Starter
  • Posts: 338
*sigh* I guess reading is a lost art, huh? To reiterate: I've already taken steps to secure (I'm pretty paranoid about that ever since I got hacked in 2001 and my computer appeared possessed), and I wasn't thinking of starting up a career, just musing about wishing I COULD do something.

All I was wondering, since I am pretty careful already, was if the spam being sent (which is the only thing I could identify as a problem) could have happened somehow without someone actually having my password, and why, if they have my password, did they not send more spam? And why didn't it show as a login from a different IP? What, if any, are other possible avenues for this to have occurred? (This machine doesn't have remote access enabled, and according to several tools, is clean of malware.) Is it possible that there's a hole gmail hasn't plugged? From what I can tell, I'm shored up fairly well.

(seems like even with the BCC - shouldn't that info show up in the SENT version of that piece of mail if I was the one sending it?)
« Last Edit: Mon, 04 July 2011, 15:24:37 by Voixdelion »
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline TexasFlood

  • Posts: 1084
I think those google "suspicious activity" alerts are typically triggered by logging in from a wildly different location as determined by IP address.  Perhaps someone was just testing the waters to see if an email could be sent, perhaps just playing, perhaps with bigger & badder plans to come.

Offline TexasFlood

  • Posts: 1084
I think those google "suspicious activity" alerts are typically triggered by logging in from a wildly different location as determined by IP address.  You know google permanently logs that stuff, as well as everything you say and who you say it to, where you browse, whatever they can.  It's a business for profit and they're not providing these services out of the goodness of their hearts.  Sorry if I seem a bit paranoid but just cause you're paranoid don't mean they aren't after you, hah.  One can just hope they don't misuse that data.  Perhaps someone was able to log into your account from Southeast Asia or something and was just testing the waters to see if an email could be sent, perhaps just playing, perhaps with bigger & badder plans to come.

Offline Voixdelion

  • Thread Starter
  • Posts: 338
I'm right there with you on that one (in my foil hat, no less!)  Google's "don't be evil" slogan is maybe just the first half of "Don't be Evil... We've already got that covered."  Methinks they've gotten a bit big for their britches.  I usually keep some misinformation on at least a few fields of any account I have, just in case - especially the free ones.  "jane smith" is the gmail owner and is generally the account I use to keep spam from reaching me at my actual email.  (Facebook is getting REALLY scary too - but it is a link to people I would otherwise miss.)  

But that's just the thing: the IP address history tool provided by Google should have shown something different in that case, especially if that was the trigger, right? All logins for the last three days are from the same one: mine. I was suspicious of the "suspicious activity" alert myself since I don't really get how the verification code is all that helpful since you actually tell it what phone number to call to send the code to. How is that useful? I did a couple sweeps and used a different browser and reset the password a couple times for good measure even though it appeared legitimately to be Google asking for it. I also wondered if it wasn't just another way to get more accumulated data to associate or aggregate (or aggravate for that matter - I'm leery of anything asking for my phone number that shouldn't have a reason to call me, especially since I cannot stop a particular offender from sending me robocalls for the last two years on a regular basis no matter how I threaten or beg. I've started logging everything for the FCC on that one.)

I dunno - the whole thing just doesn't feel right. I use strong passes and can't figure out what I might have missed if someone got hold of it - I don't even check that address that often. Weird.
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline TexasFlood

  • Posts: 1084
So perhaps it's a security vulnerability that the big companies involved aren't anxious to publicize, such as the "Adobe has confirmed that the Flash Player bug it patched Sunday is being used to steal login credentials of Google's Gmail users" article I just googled (ironical eh?) up from 6/7/2011.
« Last Edit: Mon, 04 July 2011, 16:22:49 by TexasFlood »

Offline Voixdelion

  • Thread Starter
  • Posts: 338
Reeeaaaaly?

 O_o
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline audioave10

  • Posts: 498
"Too big for their britches" is a perfect analogy. I don't use Google (except for the simple search feature) or Facebook.
I just don't care for the large data mining corporations. I also stay away from antivirus programs. I use simple utilities to guard against problems. Many folks from work bring their PCs to me for removing viruses and they almost always have the free antivirus programs (rarely updated). When it comes to software, rarely is bigger ever better. Sorry for off-topic. I hope you can refind your comfort zone.

I didn't see your issue on here...

http://mail.google.com/support/bin/static.py?page=known_issues.cs

This seems more closely related...

http://www.davidairey.com/google-gmail-phishing-scam/

Here is something else...

http://www.washingtonpost.com/blogs/post-tech/post/google-hundreds-of-gmail-accounts-hacked-including-some-senior-us-government-officials/2011/06/01/AGgASgGH_blog.html
« Last Edit: Mon, 04 July 2011, 17:28:33 by audioave10 »
DECK Legend "Toxic" - SOLD
96 IBM Model M 82G2383- 95 IBM Model M 92G7453 - SOLD
Cherry G80-3000/Blues
new: MechanicalEagle Z77 RGB/Blues

Offline Voixdelion

  • Thread Starter
  • Posts: 338
Looks like I was indeed a step behind in my Flash update (I could have sworn I just recently updated it, but it's possible that it was only on one browser). And there may have even been another patch just after the one TexasFlood mentioned. This is from the 15th - about a week later:

http://www.computerworld.com/s/article/9217629/Adobe_patches_second_Flash_zero_day_in_9_days?taxonomyId=17&pageNumber=1


http://threatpost.com/en_us/blogs/attackers-exploiting-critical-flash-bug-drive-download-062011

Thanks for the heads up on that, Texas! Might well have been the issue - more likely than a successful phishing attempt for sure. Even if not, that was very good to know since I was probably vulnerable since I wasn't current. Hmmm - come to think of it, I remember there WAS just recently an odd thing about there being an extra FF "container" process that didn't close when I shut down Firefox. That was the first time I can remember that happening and I quit the process, but something must have been behaving oddly for me to have been looking at the process window at the time. I run a minimum of the extraneous crap services - only the barest bones I need to - and I'm pretty familiar with the ones that should be there because I keep a link to a process explorer on my quick launch, because I look for anything unknown going on whenever the box starts feeling sluggish or responding "weird" at all, especially when online (Like I said, paranoid.) It MIGHT even coincide with the timing of that message in the SENT folder - which might explain why only one message went out if I nipped it in the bud by killing the container process. OR maybe... When did I post that question about the VOIP acting funny? I wonder...

Oh well. At least it wasn't worse. And now that Flash is updated proper, off to change the gmail pass AGAIN.

Glad I posted that question here - I'd not have known about this at all otherwise.
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline Voixdelion

  • Thread Starter
  • Posts: 338
Quote from: audioave10;373325
"Too big for their britches" is a perfect analogy....
When it comes to software, rarely is bigger ever better. Sorry for off-topic. I hope you can refind your comfort zone.

Not terribly off anyway. And I find that it's usually when something I like (probably because it was designed for something specific and much attention was given to THAT thing) goes well enough to have become focused on GROWTH that it begins to be something I like less than I did before the growing. (I'm not looking at YOU, Firefox...) This applies to more than software.

And comfort was never enough that I know for sure which details of mine are the ones I actually use for any given account I have, so ... eh. =)

I just wanted to know if I missed something obvious and inadvertently spilled more beans than just the gmail in the process. I was more concerned that if that one got hit, what else did too? And how? The only known possible breach was the PSN thing (gmail was used for that for sure). I'm not that worried even about my banking info really, I have nothing for anyone to steal and no overdraft in place. My credit is total crap too. I just don't like thinking I might have missed something on my watch.
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline redpill

  • Posts: 503
IMHO g-mail isn't worth the strings attached.

And for searches, there's always Scroogle

^ Current Favorite ^  Topre Realforce 87UB 55g  |  Topre Realforce 103UB 55g | KBC Poker/Browns/Sanded Keycaps | Ducky 1087 | Filco MajesFoam-2 | IBM Model M 1390131 Feb '87 | Still Love: Microsoft Trackball Explorer x3 | Now Unused:  Microsoft Natural Ergo 4k x2

Offline theferenc

  • Posts: 1327
The spam message being from yourself is actually really easy to do. There are several ways in which it can be done. I can masquerade as you, and send a message that I know will be bounced, which then gets bounced back to you, since you are the "originator" of the message.

Alternatively, I can just fake it, and send it to you directly. I can send you an email claiming to be the POTUS, your mother, or the Pope, if you really want me to. It's trivially easy to do with just simple tools. Well, assuming I know what their real email addresses are, of course.

There was a kid a few (8) years back that got expelled from Miami University of Ohio by sending an email cancelling classes. Unfortunately, he was masquerading as the president of the university... and SMTP servers do have logs. They traced it back to his dorm room, and he was packing up to go home in the middle of the semester. Seemed a bit harsh to me, since it was just a prank, but apparently it violated their honor code, and the Discipline Committee claimed it was hacking. Unfortunately for the kid, the DC was clueless about this, as no hacking is necessary, as the design of email is inherently broken, and from a more trusting age of the internet.
HHKB Pro 2 -- Custom UNIX layout Unicomp Customizer 101 -- IBM Model M 1391401 (modded to UNIX layout) -- IBM 1397000 (also UNIX layout) -- SSK in UNIX layout -- Model F 122 key in UNIX layout (Soarer USB "native")
 
CST L-TracX trackball -- Kensington Expert Mouse trackball

Offline Voixdelion

  • Thread Starter
  • Posts: 338
That's too bad (for the kid, I mean.) I do kind of understand about the honor code thing though - there was a seventh grader at my school who was expelled for taking a sandwich baggie with some tootsie rolls in it that was taped to the outside of another girl's locker, because it was a violation of the honor code more so than an act of malice or theft. I guess there aren't that many situations where honor has any sort of gray area - most of the time it's a pretty clear choice which side of the line you are on. And it really did make for a pretty idyllic society when people could be counted on to behave properly - a truly sad and depressing discrepancy when compared with the real world sometimes. Frankly I find it somewhat amazing people haven't completely destroyed themselves a long time ago. (Although I suppose that probability is far from inevitable and more likely increasing at an exponential rate - especially if the stupid are prolific enough to make spam profitable - who the **** falls for that **** anyway?)
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline theferenc

  • Posts: 1327
We ran some numbers once, as part of my research, and it's something like if a single person gets caught, it is worth it to the spammer only if they sent out less than something like 500,000 pieces of spam. That's assuming he has a program which runs to substitute or fill the email address. We based that on the average power draw of a desktop, at the average electricity costs in the US, etc.

If the spammer is using a botnet (much more likely), they have to capture, on average, 8-10 people with their scam to make the investment in the botnet itself worthwhile. These things actually cost money, you see, for the spammer to buy. Factor in that it's often phishing messages, and the numbers drop quite a bit, but that totally depends on who they catch, and what. Your credit card number, if it's been verified, is only worth a few bucks on the black market. That's it.

Bank accounts are often worth more than what's in them, as on average (this is the scary part) they are able to drain it twice. Not just once, but twice. People just don't learn. You would think they would change the password, but what often happens is that it gets drained right before and right after a paycheck hits it. Not sure why they don't wait, but I guess maybe they are worried about automatic payments stealing some money, or some **** like that?

A few years ago a guy in Colorado actually took the "Penis Enlargement" folks to court, claiming false advertisement. He might have had a small penis, but he had HUGE balls for being willing to take it that far. Figuratively speaking, of course.
HHKB Pro 2 -- Custom UNIX layout Unicomp Customizer 101 -- IBM Model M 1391401 (modded to UNIX layout) -- IBM 1397000 (also UNIX layout) -- SSK in UNIX layout -- Model F 122 key in UNIX layout (Soarer USB "native")
 
CST L-TracX trackball -- Kensington Expert Mouse trackball

Offline Voixdelion

  • Thread Starter
  • Posts: 338
Thanks for that last bit about the penis guy - first genuine laugh I've had for a couple of days (been a little stressed out)


Maybe his penis only looked small by comparison being so out of proportion to his balls?  =D

Did he win?
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline theferenc

  • Posts: 1327
You know, I honestly don't know. And I'm kinda afraid to search on google for that, honestly.

Hope the stress goes away. I totally understand stressed.
HHKB Pro 2 -- Custom UNIX layout Unicomp Customizer 101 -- IBM Model M 1391401 (modded to UNIX layout) -- IBM 1397000 (also UNIX layout) -- SSK in UNIX layout -- Model F 122 key in UNIX layout (Soarer USB "native")
 
CST L-TracX trackball -- Kensington Expert Mouse trackball

Offline Voixdelion

  • Thread Starter
  • Posts: 338
I have no such fear - phuckit!  I had to know the outcome ...


http://www.onpointnews.com/NEWS/65m-settlement-in-penis-pill-class-action.html


Gotta respect that he was willing to take the heat to call em on it!
"The more you tolerate each other, the less enforcement will happen."-iMav

Offline TacticalCoder

  • Posts: 526
You said you could pretend to be the pope but that doesn't really work anymore for domains that have domain anti-spoofing measures in place, as far as I can tell. You can't pretend to be the pope if you mail me on my GMail account pretending to be from a domain that has SPF activated. The email won't even make it to my GMail (or will make it directly into the spam folder). That's because GMail both provides and checks the SPF record.

So you can pretend to be the pope, but only as long as the pope is on a domain that doesn't have SPF.

Not that I disagree with the rest or anything...
HHKB Pro JP (daily driver) -- HHKB Pro 2 -- Industrial IBM Model M 1395240-- NIB Cherry MX 5000 - IBM Model M 1391412 (Swiss QWERTZ) -- IBM Model M 1391403 (German QWERTZ) * 2 -- IBM Model M Ambra -- Black IBM Model M M13 -- IBM Model M 1391401 -- IBM Model M 139? ? ? *2 -- Dell AT102W -- Ergo (split) SmartBoard (white ALPS apparently)
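To make concrete what theferenc's "masquerade as you" and TacticalCoder's SPF points mean on the receiving side, here is an added example that is not code from anyone in this thread. It implements the ip4/ip6/all subset of SPF evaluation (RFC 7208) against a constructed policy table standing in for DNS TXT lookups, and shows why the receiver checks the envelope sender (Return-Path) rather than the visible From: line. All domain names, records, addresses and messages are constructed for the demo; no DNS is queried, and mechanisms that would need lookups (include, a, mx, redirect) are reported as permerror rather than resolved.

```python
"""Constructed SPF demo: does the host that handed us this message speak for
the envelope sender's domain, and does the visible From: even match it?"""
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Stand-in for DNS TXT lookups.  Constructed for the example; these are
# reserved/example domain names and not anyone's real policy.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "softmail.example": "v=spf1 ip4:198.51.100.10 ~all",
    # "nospf.example" is deliberately absent: it publishes no SPF record
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, client_ip):
    """Evaluate the ip4/ip6/all subset of SPF for the connecting host.

    Returns one of: pass, fail, softfail, neutral, none, permerror."""
    record = SPF_RECORDS.get(domain.lower())
    if record is None:
        return "none"              # no policy: nothing for the receiver to enforce
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"            # a bare mechanism means "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = ip.version == net.version and ip in net
        elif mech == "all":
            matched = True
        else:
            return "permerror"     # include/a/mx/redirect need DNS; not done offline
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"               # nothing matched and no trailing "all"


def analyze_message(raw_message, client_ip):
    """Compare the visible From: domain with the envelope sender domain
    (Return-Path, as stamped by the receiving server) and run SPF on the
    envelope domain, which is what SPF actually vouches for."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, envelope_addr = parseaddr(msg.get("Return-Path", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    envelope_domain = envelope_addr.rpartition("@")[2].lower()
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "aligned": bool(from_domain) and from_domain == envelope_domain,
        "spf": spf_check(envelope_domain, client_ip),
    }


# Constructed messages: the same visible From:, different real origins.
LEGIT = (
    "Return-Path: <alice@example.com>\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: bob@example.net\r\n"
    "Subject: hello\r\n\r\nreal mail\r\n"
)
SPOOFED = (
    "Return-Path: <bulk-42@softmail.example>\r\n"
    "From: Alice <alice@example.com>\r\n"
    "To: bob@example.net\r\n"
    "Subject: hello\r\n\r\nnot from alice\r\n"
)
NO_POLICY = (
    "Return-Path: <pope@nospf.example>\r\n"
    "From: pope@nospf.example\r\n"
    "To: bob@example.net\r\n"
    "Subject: blessings\r\n\r\n...\r\n"
)

if __name__ == "__main__":
    print(analyze_message(LEGIT, "203.0.113.5"))      # spf pass, aligned
    print(analyze_message(LEGIT, "192.0.2.99"))       # spf fail: host not authorised
    print(analyze_message(SPOOFED, "198.51.100.10"))  # spf pass for the envelope domain, but not aligned
    print(analyze_message(NO_POLICY, "192.0.2.99"))   # spf none: nothing to enforce
```

Two things the output makes visible. First, the "pope on a domain without SPF" case comes back as `none`: a receiver has no authorised-sender list to compare against, so it cannot reject on SPF alone. Second, the SPOOFED message gets an SPF `pass` even though the From: says alice@example.com, because SPF is evaluated on the envelope sender (softmail.example) and says nothing about the visible From: header; checking that the two domains line up (`aligned` above) is a separate step from SPF itself.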

Offline theferenc

  • Posts: 1327
Unfortunately, nearly every provider has their own version of anti-spoofing, none of which are interchangeable, and most of which are ignored by the rest of the world. NIHS is alive and well in the tech world.
HHKB Pro 2 -- Custom UNIX layout Unicomp Customizer 101 -- IBM Model M 1391401 (modded to UNIX layout) -- IBM 1397000 (also UNIX layout) -- SSK in UNIX layout -- Model F 122 key in UNIX layout (Soarer USB "native")
 
CST L-TracX trackball -- Kensington Expert Mouse trackball