Jump to content

Nicolette Lefevre

Resident
  • Content Count

    67
  • Joined

  • Last visited

Everything posted by Nicolette Lefevre

  1. Solar Legion wrote: Sorry Nicolette - you're wrong and I won't be discussing this with you at all. You gave Linden Lab your e-mail address and it is up to them to secure it on THEIR server systems. Their responsibility ENDS there. From there, it is the responsibility of whoever owns the systems that address passes through to secure THEIR systems. Sorry, that's the way it is. No Solar, I'm right. It is definitely LL's responsibility. If you do something yourself you have 100% control and 100% of the responsibility. The thing that a lot of people (including you) don't get, is
  2. Solar Legion wrote: Again, here we're going to have to agree to disagree. The systems at LL's end of things are the systems they themselves own and operate. That is "LL's end". Anything outside of it, including outsourced systems, exists between the user and Linden Lab. Wrong! From the moment I give LL my email-address, taking care that that info doesn't leak is LL's responsibility. If LL choses to outsource certain things and handover my information to others, then whatever happens is *still* within LL's responsibility. I didn't enter into a contract with that other company, I don't even
  3. Last time I received one of these bulk emails from LL, it was about the Valentine's Gift. That one was sent using Amazon Simple Email Service (Amazon SES). One of the email-addresses on which I received the phishing-attack, didn't yet exist back then. I created that email-address about two weeks after the Valentine's Gift emails were sent by LL.
  4. Mail headers can only give you an (unreliable) indication from where the emails were sent. They do NOT give you an idea on how the email-addresses were acquired. And the latter part is the one that worries me. All 8 emails that I received appear to be originating from the same server. The WHOIS information on that IP is kinda weird. The IP-block appears to be registered to a company in Iceland, but the technical/abuse contact is listed as a person in Croatia. Even if the WHOIS information is correct, there is nothing to suggest that the legal owner of that server is actually responsible for
  5. HoppytheWanderer wrote: I can think of a few things to try to correlate, to see if those might be related: 1. Do you have 'Auto Play Media' turned on? Turn it off. It's probably the worst security nightmare out there I can see. I've run into sim where there are objects "streaming" things like seo sites, and none will be the wiser if you don't look at currently playing media. I have no idea how secure the internal web browser is but I don't have high confidence in it. 2. Do you do any kind of object scripting that could expose your email address? Doesn't sound likely, or you'd have found
  6. I have two actual email-accounts. Let's call them "myname@myprivatedomain.de" and "myname@myworkdomain.de". All the other email-adresses forward to one of those two. And all my email-adresses are on one of these two domains. Email for both domains is hosted on the same server and handled by the same program. So all the forwarding is done internally within this program. All my SL email-adresses are forwarded to "myname@myprivatedomain.de". Among a bunch of other aliases that also land in that inbox. Only the actual two mail-accounts will ever appear as my sender-adress. So I never sent any em
  7. What do you want me to paste? Error-logs from LL's own servers that prove how they were hacked? I naturally do not have access to those. Or my own mail-server logfiles? Not gonna happen as that logfile contains private information that I'm not going to disclose. The header-lines of the emails? They also contain information that could identify me, and without that information the header-lines of the emails would be useless. And to state it yet again: I have 8 different email-adresses that I use for SL and for nothing else. All of them have received the same phishing-email. The emails differ on
  8. I agree about the link. I would even go a step further. Ivor, you should remove everything before the gff23.com and everything after the "?". Because quite frankly, by posting that link you actually told everyone here your email-adress. It's encoded in the link. And Freya, I see you still think that this is not SL's fault, even though every single piece of evidence is clearly pointing in that direction.
  9. You are not just unable to see it, you are UNWILLING to see it. And that is why you try to ridicule me. Doesn't work. You are only ridiculing yourself.
  10. I'll try again: I have received today's phishing-attack on 8 email-adresses. All of them are used only for SL. So only two parties should know these adresses. Me myself and LL. If the leak were on my side, why were the email-adresses used for SL affected and NONE of the other ones? We are talking about 8 out of about 100 adresses. If the leak were on my side, then the affected email-adresses should be random picks out of the available pool. A little skewed probably depending on how much I use the various adresses. But still close to being random. And for a random pick of 8 out of 100 we are
  11. Freya: It looks like you simply do not want to accept the facts. 1) ALL my SL-email accounts have received the phishing mail. 2) NONE of my other email-accounts have received it. I brought up my PayPal account, because that's what's being targeted. And because if someone were somehow scanning my ingoing/outgoing email for something to do with PayPal (because that's what they are targeting), then those other email-accounts would be affected as well. I HAVE investigated this. I checked my mailserver-logfiles. Nothing unusual there. Sure, the occasional attempt to send an email to a non-exist
  12. If my incoming/outgoing data had been listened to, then not only SL adresses would be affected. I just checked and less than 5% of my emails are SL-related. I have also used PayPal in connection with some of the other email-adresses. Several web-hosters for example where I pay with PayPal. None of those email-adresses are affected. So if someone were to attack all my emails that have a connection to my PayPal usage, then why aren't those affected? Why are NONE of my other email-adresses affected? So far I see all but one of my SL-emails affected. And none of my other emails. To me the simple
  13. I'm not saying that SL is doing these phishing-attacks. They are certainly NOT doing that. I'm saying that they should try to find out how the data leaked from them. Either from them or their payment processor. Oh... and the 100 email adresses are useful. At least now I know where the leak came from. I can change the affected adresses, disable the old ones, and will not get any phishing/spam to them in the future.
  14. I do not use MS Exchange. I use hMailServer. The email-adresses can't just be "guessed" by some attacker. They are all in the form of "sl_user_firstnamexxxxxx@mydomain.de" where "xxxxxx" consists of several random digits. While the mail-server does respond with an error-message when trying to send to a non-existent email-adress, this would be of no help here to the phisher. Simply because if someone had guessed these email-adresses, then not only my SL email-adresses would be affected, but others too. And that is not the case. Only email-adresses used for SL are affected. And I have about 10
  15. Today I have received emails with PayPal phishing-attempts to several email adresses that I have ONLY used for Second Life. So far 5 email adresses (one for every Alt) have been affected. All phishing emails tried (unsuccessfully!) to lure me to a subdomain of gff23.com to "update my PayPal information". The subdomain differs between emails. The emails have been in German, but my location can easily be deduced from the domain-name of my email ending in ".de". I want to point out again that these email-adresses were NEVER used for anything else but SL. These emails were NEVE
  16. Today I have received emails with PayPal phishing-attempts to several email adresses that I have ONLY used for Second Life. So far 5 email adresses (one for every Alt) have been affected. All phishing emails tried (unsuccessfully!) to lure me to a subdomain of gff23.com to "update my PayPal information". The subdomain differs between emails. The emails have been in German, but my location can easily be deduced from the domain-name of my email ending in ".de". I want to point out again that these email-adresses were NEVER used for anything else but SL. These emails were NEVE
  17. Ela Talaj wrote: I send to my customers mailing list once a month and sometimes none in two months... lol... cuz I forget about it or too busy to write a newsletter and still some (small percentage though) complain of "spam". That is because if they didn't explicitly opt-in to receive your newsletter it IS spam! It annoys me massively when I have to click "Discard" to various notecard or texture offers when I login. I never subscribed to any of these newsletters and yet I get about a dozen. The real "highlight" are the ones that do not include information about how to unsubscribe or w
  18. Ok, a script can only send money from the owner of the script to someone. So whatever script did this it must have been owned by the original poster. This does NOT look like there was an invisible prim put over the vendor. To me this looks much more like someone found a way to add a malicious script to the vendor. To the original poster: You may want to check your vendor. Actually all of them. That script may still be in there. But if the author of the script was even halfway intelligent, then the script will have deleted itself after it was done sending the money. I can think of only two w
  19. You really don't seem to get it, do you? Let me explain... Avatar XYZ views an obscure product offered by merchant ABC on Marketplace. So obscure in fact that XYZ is the only person on that day to watch that page. Even further, XYZ buys that product. Now merchant ABC has the name of avatar XYZ in his/her transaction log. And with Google Analytics merchant ABC would also have the IP-adress of XYZ. I dont like this scenario. It can be abused. And that means it WILL be abused! I agree with you that most merchants would not abuse this. But it only takes ONE bad guy. Second Life relies A LOT on
  20. If anybody besides LL would have access to the IPs of people who are visiting MP pages, then I'm STRONGLY OPPOSED to that!!! Has everybody already forgotten the privacy implications of this? Have all (well... most) of you already forgotten the Redzone and Emerald scandals? Well, looks like it's about time to remind you of those. To make things absolutely clear to merchants and to LL: If I ever see Google Analytics on any Marketplace page, then that will be the moment I'm gonna stop using Marketplace! It is my decision where to spend my money. And I will NOT spend my money on people who try
  21. Sassy Romano wrote: Just like the one dance ball vendor who adds you to the list automatically when you visit the shop and refuses to take you off when asked in IM. "I'm too busy, send a notecard" was the reply. "Um, but i've just asked you right now, why send a notecard?" said I. Then it was claimed that I was muted for daring to ask to be removed from a spam list that I didn't ask to be put on in the first place. Far too mant dysfunctional merchant practices in SL unfortunately. Ah yes. I know that vendor. I think that one was the first one ever that *I* muted :-)
  22. I second this. I already stopped buying from several merchants because of this. One has even been one of my favorites before they started spamming me with regular updates via inventory-offers. I am NOT going to tolerate of even encourage this kind of behavior by continuing to give them my money.
  23. I just came across this: http://www.sys-con.com/node/1878888 Excerpt: "Scientists from the Darmstadt Research Center for Advanced Security (CASED) have discovered major security vulnerabilities in numerous virtual machines published by customers of Amazon’s cloud. From 1100 public Amazon Machine Images (AMIs), that are used to provide cloud services, about 30 percent are vulnerable, allowing attackers to manipulate or compromise web services or virtual infrastructures." Given that LL uses AWS a lot that may be an explanation on how data could leak. 
  24. Oh, one more thing that I forgot to mention... Of my 3 affected accounts 2 are pretty old. I entered the credit-card data there a looong time ago. Meaning 2+ years ago. Only for the 3rd affected account do I remember seeing the local payments options. So despite the fact that I used my credit-card on all 3 accounts during the last 6 months (and also on another account to whose email-address I did NOT get any spam-mails), at least for the 2 older accounts I'm not sure if these payments were actually handled by Dragonfish or maybe by some older system.
  25. There has been a new post in the blog Head Shakers From A Metaverse about all this and there are some points in that post that I want to comment on. I'm doing it here instead of in the blog because I would like to keep all the information in one place. "If an email address is used for Second Life only, the last time it was probably entered anywhere was when the email account on the Second Life website was updated – assuming people pull their emails down to an email client or it will be used to log into the mail provider if accessed via the web. Although, web access does increase the c
×
×
  • Create New...