Jump to content

Nicolette Lefevre

  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About Nicolette Lefevre

  • Rank
    Advanced Member
  1. Solar Legion wrote: Sorry Nicolette - you're wrong and I won't be discussing this with you at all. You gave Linden Lab your e-mail address and it is up to them to secure it on THEIR server systems. Their responsibility ENDS there. From there, it is the responsibility of whoever owns the systems that address passes through to secure THEIR systems. Sorry, that's the way it is. No Solar, I'm right. It is definitely LL's responsibility. If you do something yourself you have 100% control and 100% of the responsibility. The thing that a lot of people (including you) don't get, is
  2. Solar Legion wrote: Again, here we're going to have to agree to disagree. The systems at LL's end of things are the systems they themselves own and operate. That is "LL's end". Anything outside of it, including outsourced systems, exists between the user and Linden Lab. Wrong! From the moment I give LL my email-address, taking care that that info doesn't leak is LL's responsibility. If LL choses to outsource certain things and handover my information to others, then whatever happens is *still* within LL's responsibility. I didn't enter into a contract with that other company, I don't even
  3. Last time I received one of these bulk emails from LL, it was about the Valentine's Gift. That one was sent using Amazon Simple Email Service (Amazon SES). One of the email-addresses on which I received the phishing-attack, didn't yet exist back then. I created that email-address about two weeks after the Valentine's Gift emails were sent by LL.
  4. Mail headers can only give you an (unreliable) indication from where the emails were sent. They do NOT give you an idea on how the email-addresses were acquired. And the latter part is the one that worries me. All 8 emails that I received appear to be originating from the same server. The WHOIS information on that IP is kinda weird. The IP-block appears to be registered to a company in Iceland, but the technical/abuse contact is listed as a person in Croatia. Even if the WHOIS information is correct, there is nothing to suggest that the legal owner of that server is actually responsible for
  5. HoppytheWanderer wrote: I can think of a few things to try to correlate, to see if those might be related: 1. Do you have 'Auto Play Media' turned on? Turn it off. It's probably the worst security nightmare out there I can see. I've run into sim where there are objects "streaming" things like seo sites, and none will be the wiser if you don't look at currently playing media. I have no idea how secure the internal web browser is but I don't have high confidence in it. 2. Do you do any kind of object scripting that could expose your email address? Doesn't sound likely, or you'd have found
  6. I have two actual email-accounts. Let's call them "myname@myprivatedomain.de" and "myname@myworkdomain.de". All the other email-adresses forward to one of those two. And all my email-adresses are on one of these two domains. Email for both domains is hosted on the same server and handled by the same program. So all the forwarding is done internally within this program. All my SL email-adresses are forwarded to "myname@myprivatedomain.de". Among a bunch of other aliases that also land in that inbox. Only the actual two mail-accounts will ever appear as my sender-adress. So I never sent any em
  7. What do you want me to paste? Error-logs from LL's own servers that prove how they were hacked? I naturally do not have access to those. Or my own mail-server logfiles? Not gonna happen as that logfile contains private information that I'm not going to disclose. The header-lines of the emails? They also contain information that could identify me, and without that information the header-lines of the emails would be useless. And to state it yet again: I have 8 different email-adresses that I use for SL and for nothing else. All of them have received the same phishing-email. The emails differ on
  8. I agree about the link. I would even go a step further. Ivor, you should remove everything before the gff23.com and everything after the "?". Because quite frankly, by posting that link you actually told everyone here your email-adress. It's encoded in the link. And Freya, I see you still think that this is not SL's fault, even though every single piece of evidence is clearly pointing in that direction.
  9. You are not just unable to see it, you are UNWILLING to see it. And that is why you try to ridicule me. Doesn't work. You are only ridiculing yourself.
  10. I'll try again: I have received today's phishing-attack on 8 email-adresses. All of them are used only for SL. So only two parties should know these adresses. Me myself and LL. If the leak were on my side, why were the email-adresses used for SL affected and NONE of the other ones? We are talking about 8 out of about 100 adresses. If the leak were on my side, then the affected email-adresses should be random picks out of the available pool. A little skewed probably depending on how much I use the various adresses. But still close to being random. And for a random pick of 8 out of 100 we are
  11. Freya: It looks like you simply do not want to accept the facts. 1) ALL my SL-email accounts have received the phishing mail. 2) NONE of my other email-accounts have received it. I brought up my PayPal account, because that's what's being targeted. And because if someone were somehow scanning my ingoing/outgoing email for something to do with PayPal (because that's what they are targeting), then those other email-accounts would be affected as well. I HAVE investigated this. I checked my mailserver-logfiles. Nothing unusual there. Sure, the occasional attempt to send an email to a non-exist
  12. If my incoming/outgoing data had been listened to, then not only SL adresses would be affected. I just checked and less than 5% of my emails are SL-related. I have also used PayPal in connection with some of the other email-adresses. Several web-hosters for example where I pay with PayPal. None of those email-adresses are affected. So if someone were to attack all my emails that have a connection to my PayPal usage, then why aren't those affected? Why are NONE of my other email-adresses affected? So far I see all but one of my SL-emails affected. And none of my other emails. To me the simple
  13. I'm not saying that SL is doing these phishing-attacks. They are certainly NOT doing that. I'm saying that they should try to find out how the data leaked from them. Either from them or their payment processor. Oh... and the 100 email adresses are useful. At least now I know where the leak came from. I can change the affected adresses, disable the old ones, and will not get any phishing/spam to them in the future.
  14. I do not use MS Exchange. I use hMailServer. The email-adresses can't just be "guessed" by some attacker. They are all in the form of "sl_user_firstnamexxxxxx@mydomain.de" where "xxxxxx" consists of several random digits. While the mail-server does respond with an error-message when trying to send to a non-existent email-adress, this would be of no help here to the phisher. Simply because if someone had guessed these email-adresses, then not only my SL email-adresses would be affected, but others too. And that is not the case. Only email-adresses used for SL are affected. And I have about 10
  15. Today I have received emails with PayPal phishing-attempts to several email adresses that I have ONLY used for Second Life. So far 5 email adresses (one for every Alt) have been affected. All phishing emails tried (unsuccessfully!) to lure me to a subdomain of gff23.com to "update my PayPal information". The subdomain differs between emails. The emails have been in German, but my location can easily be deduced from the domain-name of my email ending in ".de". I want to point out again that these email-adresses were NEVER used for anything else but SL. These emails were NEVE
  • Create New...