medieval-religion: Scholarly discussions of medieval religion and culture

While I appreciate George Ferzoco's swift response to the spam, 
and any effort JISCMAIL or other parties may make towards solving 
such problems, there is not a lot they can do in an instance like 
this, in which it looks as if the account of the listmember 
itself was compromised, and the message contained so little text 
that filters and such would not catch it:  that is, this is not 
just traditional from-address forging (which is easy to do, but 
also not that hard to detect);  rather, one of various possible 
methods has been used actually to gain fraudulent access to a 
legitimate account, which is then used to send out spam, 
malicious e-mails attempting to compromise further accounts, or 
both;  the point of using a compromised account being that the 
account is legitimate, and mail from it will stand a greater 
chance of bypassing filters and reaching the addressee.

All of the major webmail companies (Gmail, Hotmail, Yahoo, Live, 
etc.) and some ISPs have been affected by such attacks in recent 
months, as reported for example at

http://news.bbc.co.uk/2/hi/8292928.stm

http://news.bbc.co.uk/2/hi/8292299.stm

and while the companies involved and others are obviously doing 
what they can, it is also extremely important that individual 
users be aware and take measures to protect their own accounts, 
such as (and apologies for being off-topic and a touch technical 
here):

1)  Use different usernames and passwords for different services 
and accounts (so access to one is not access to more than one).

2)  Use strong passwords (or the strongest a site will allow - 
some still do not allow the full range of characters).  There are 
various guides on-line to this.  Google covers some of the basics 
at

http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=32040

and there is more advice in this Guardian article (especially 
about using phrases to create better passwords):

http://www.guardian.co.uk/technology/2008/nov/13/internet-passwords

Note in particular the advice to (1) grade your accounts in terms 
of importance and risk if they are compromised, and choose 
passwords accordingly;  and (2) rather write passwords or 
reminders of them in notes you carry on your person than choose 
memorable but simple ones - the old advice used to be never to 
write them down, but as they have become more numerous and have 
needed to become more complex, this no longer applies (provided 
you don't leave your notes on public view, or make your passwords 
available to other people, of course).

3)  Never use a link to reach a service or site you login to. 
Rather type the URL yourself, or save it as a "Bookmark" or 
"Favorite" in your browser.

4)  If you use a webmail service especially, check your "Sent" 
folder regularly for messages you have not sent.  Aside from 
angry or bewildered messages from friends and colleagues, this is 
often the only way users will realize that something is wrong. 
If you find any such "Sent" messages, check the "Help" section of 
the site for advice, but if possible change your password and 
other access details (password-recovery questions, for example) 
immediately.  Also, as a piece of general advice, back up your 
important mail outside the webmail service (e. g., by forwarding 
copies to another account, preferably on another service, using 
POP or IMAP access to archive mail off-line, and so on), as loss 
of some or all archived mail is a known side-effect in cases of 
compromised accounts.

5)  Remember that malicious software distributed via e-mail and 
websites is now a major method of fraudulently obtaining account 
details, and, because of the way the Web works now, with any one 
site drawing components from numerous sources, you can no longer 
protect yourself simply by browsing "safe" sites:  even reputable 
ones (for example, the New York Times and the technology blog 
Gizmodo) have been affected by fraudulently placed advertisements 
delivering malicious software from third-party sites.  Therefore, 
if you have computers for which you personally are responsible 
(i. e., not institutional ones), you should make sure that you 
have the most recent versions of software like web browsers, mail 
clients, Adobe or Foxit Reader (for PDF files), media players 
(Windows Media, QuickTime, Real, DivX, VLC, and such), and so on, 
and you should set your software to update automatically or to 
notify you of updates.  Virtually every piece of software in use 
on modern systems has some Internet-access component, and can 
therefore be a potential security risk if known problems are left 
unfixed.  You should also use security software (anti-virus, 
anti-spyware, and firewall, or a combined package), which should 
also be set to update automatically.  If you have a recent 
operating system (Windows XP or later, for example), it may 
include a firewall (which monitors any incoming and outgoing 
communications on your computer, and blocks suspect 
communications), so make sure that is active.  Otherwise, 
security software comes in both paid and free form (and some of 
the free ones are from reputable companies, such as AVG, Windows 
Defender from Microsoft, and their anti-virus offering); 
however, you need to find out or get good advice on what you need 
and what each piece of software covers:  a stand-alone 
anti-virus, for instance, may not offer good or any protection 
against other types of malicious software.


Terrence Lockyer
Johannesburg, South Africa 

**********************************************************************
To join the list, send the message: join medieval-religion YOUR NAME
to: [log in to unmask]
To send a message to the list, address it to:
[log in to unmask]
To leave the list, send the message: leave medieval-religion
to: [log in to unmask]
In order to report problems or to contact the list's owners, write to:
[log in to unmask]
For further information, visit our web site:
http://www.jiscmail.ac.uk/lists/medieval-religion.html