medieval-religion: Scholarly discussions of medieval religion and culture
While I appreciate George Ferzoco's swift response to the spam,
and any effort JISCMAIL or other parties may make towards solving
such problems, there is not a lot they can do in an instance like
this, in which it looks as if the account of the listmember
itself was compromised, and the message contained so little text
that filters and such would not catch it: that is, this is not
just traditional from-address forging (which is easy to do, but
also not that hard to detect); rather, one of various possible
methods has been used actually to gain fraudulent access to a
legitimate account, which is then used to send out spam,
malicious e-mails attempting to compromise further accounts, or
both; the point of using a compromised account being that the
account is legitimate, and mail from it will stand a greater
chance of bypassing filters and reaching the addressee.

All of the major webmail companies (Gmail, Hotmail, Yahoo, Live,
etc.) and some ISPs have been affected by such attacks in recent
months, as reported for example at
http://news.bbc.co.uk/2/hi/8292928.stm
http://news.bbc.co.uk/2/hi/8292299.stm
and while the companies involved and others are obviously doing
what they can, it is also extremely important that individual
users be aware and take measures to protect their own accounts,
such as (and apologies for being off-topic and a touch technical
here):

1) Use different usernames and passwords for different services
and accounts (so access to one is not access to more than one).

2) Use strong passwords (or the strongest a site will allow -
some still do not allow the full range of characters). There are
various guides on-line to this. Google covers some of the basics
at
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=32040
and there is more advice in this Guardian article (especially
about using phrases to create better passwords):
http://www.guardian.co.uk/technology/2008/nov/13/internet-passwords
Note in particular the advice to (1) grade your accounts in terms
of importance and risk if they are compromised, and choose
passwords accordingly; and (2) rather write passwords or
reminders of them in notes you carry on your person than choose
memorable but simple ones - the old advice used to be never to
write them down, but as they have become more numerous and have
needed to become more complex, this no longer applies (provided
you don't leave your notes on public view, or make your passwords
available to other people, of course).

3) Never use a link to reach a service or site you log in to.
Rather type the URL yourself, or save it as a "Bookmark" or
"Favorite" in your browser.

4) If you use a webmail service especially, check your "Sent"
folder regularly for messages you have not sent. Aside from
angry or bewildered messages from friends and colleagues, this is
often the only way users will realize that something is wrong.
If you find any such "Sent" messages, check the "Help" section of
the site for advice, but if possible change your password and
other access details (password-recovery questions, for example)
immediately. Also, as a piece of general advice, back up your
important mail outside the webmail service (e.g., by forwarding
copies to another account, preferably on another service, using
POP or IMAP access to archive mail off-line, and so on), as loss
of some or all archived mail is a known side-effect in cases of
compromised accounts.

5) Remember that malicious software distributed via e-mail and
websites is now a major method of fraudulently obtaining account
details, and, because of the way the Web works now, with any one
site drawing components from numerous sources, you can no longer
protect yourself simply by browsing "safe" sites: even reputable
ones (for example, the New York Times and the technology blog
Gizmodo) have been affected by fraudulently placed advertisements
delivering malicious software from third-party sites. Therefore,
if you have computers for which you personally are responsible
(i.e., not institutional ones), you should make sure that you
have the most recent versions of software like web browsers, mail
clients, Adobe or Foxit Reader (for PDF files), media players
(Windows Media, QuickTime, Real, DivX, VLC, and such), and so on,
and you should set your software to update automatically or to
notify you of updates. Virtually every piece of software in use
on modern systems has some Internet-access component, and can
therefore be a potential security risk if known problems are left
unfixed. You should also use security software (anti-virus,
anti-spyware, and firewall, or a combined package), which should
also be set to update automatically. If you have a recent
operating system (Windows XP or later, for example), it may
include a firewall (which monitors any incoming and outgoing
communications on your computer, and blocks suspect
communications), so make sure that is active. Otherwise,
security software comes in both paid and free form (and some of
the free ones are from reputable companies, such as AVG, Windows
Defender from Microsoft, and their anti-virus offering);
however, you need to find out or get good advice on what you need
and what each piece of software covers: a stand-alone
anti-virus, for instance, may not offer good or any protection
against other types of malicious software.

Terrence Lockyer
Johannesburg, South Africa
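
The distinction drawn in the message above between from-address forging and a compromised account, as an added example that is not part of the original post: it reads the SPF and DKIM verdicts a receiving server records in the Authentication-Results header. It assumes the receiving server adds that header; the two sample messages, their domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: From address forged, sent from an unrelated server.
FORGED = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=member@webmail.example; dkim=none
From: Member <member@webmail.example>
To: list@example.org
Subject: hi

http://placeholder.invalid/
"""

# Constructed sample: same short body, sent through the member's real
# webmail account after it was taken over.
COMPROMISED = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=member@webmail.example; dkim=pass header.d=webmail.example
From: Member <member@webmail.example>
To: list@example.org
Subject: hi

http://placeholder.invalid/
"""

def auth_results(raw):
    """Return the SPF and DKIM verdicts recorded by the receiving server."""
    header = message_from_string(raw).get("Authentication-Results", "")
    found = dict(re.findall(r"\b(spf|dkim)=(\w+)", header))
    return {"spf": found.get("spf", "none"), "dkim": found.get("dkim", "none")}

def looks_forged(raw):
    """True when the sending server was not authorised for the domain."""
    verdict = auth_results(raw)
    return verdict["spf"] in ("fail", "softfail") or verdict["dkim"] == "fail"

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("compromised", COMPROMISED)):
        print(name, auth_results(raw), "forged?", looks_forged(raw))
```

The compromised-account message passes both checks because it really was sent by the provider's servers, which is why reviewing the "Sent" folder remains the account holder's own check.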