[Ecls-list] Apologies for spam

Matthew Mondor mm_lists at pulsar-zone.net
Sun Jan 6 09:43:11 UTC 2013


On Sun, 6 Jan 2013 10:26:10 +0100
Juan Jose Garcia-Ripoll <juanjose.garciaripoll at gmail.com> wrote:

> It seems that my email account was compromised from USA, using SMTP access
> to gmail (is this possible at al?) to send email to all my contacts and
> lists.

That's possible without SSL via SMTP if it requires authentication, via
POP3/IMAP, or with spyware on a system you used, cross-site-scripting
(XSS) site vulnerabilities (I'm not sure if gmail is vulnerable to
that, basically it permits another site to issue a command on behalf of
one of your already logged-in accounts, like sending mail in the case
of a webmail account by issuing an especially crafted HREF or FORM;
sites whihc are not vulnerable to this usually also require a code to
be used as part of the command which is hard to guess)...

It's unfortunately all too common for webmail accounts to get
compromised, and you don't need to feel responsible, other than trying
to correct the situation, which you're already doing :)

BTW, I hope your eyes are better,
-- 
Matt




More information about the ecl-devel mailing list