View previous topic :: View next topic |
Author |
Message |
myga Tux's lil' helper
Joined: 12 Jun 2023 Posts: 121
|
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20484
|
Posted: Mon Jan 29, 2024 3:46 am Post subject: Re: thunderbird users beware |
|
|
myga wrote: | the accusations below are backed facts. | Which facts? You didn't mention any.
myga wrote: | I logged in to my outlook accts using the browser and decided to check "my recent activity" settings. Sure enough, there are multiple failed login attempts from different countries in Europe and Asia on both accts in the last 2 months! | Could it be something other than Thunderbird? Maybe even a problem with Microsoft?
I would be curious to know about your facts though, it could be something else. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
myga Tux's lil' helper
Joined: 12 Jun 2023 Posts: 121
|
Posted: Mon Jan 29, 2024 4:27 am Post subject: Re: thunderbird users beware |
|
|
pjp wrote: | myga wrote: | the accusations below are backed facts. | Which facts? You didn't mention any. |
Quote: | In the past couple of months I decided to use Thunderbird [...] |
Quote: | [...]there are multiple failed login attempts from different countries in Europe and Asia on both accts in the last 2 months! |
If that aint enough for you, then I'm afraid I'm the wrong individual to entertain your belief system. _________________ [Never break the law to save people. Nope, there aint no heroes here. Unless you are 'Satoshi Nakamoto', that's a true anonymous.] |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20484
|
Posted: Mon Jan 29, 2024 5:00 am Post subject: |
|
|
If that's the only "fact" you're relying on, then I agree we have different "belief systems." _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
s0ulslack1 n00b
Joined: 06 Mar 2022 Posts: 25
|
Posted: Mon Jan 29, 2024 6:09 am Post subject: |
|
|
If it was leaking your details surely it'd pass along username/passwords, which it DOES NOT DO.
You're connected to the internet bud, there are trolls that scan IP's all day looking for default username/passwords, exploits and in your case attempting to brute force your credentials. This happens to anyone that has signed up for something online using an email address, thats why most of us use several.
Don't post such ridiculous subjects without any "facts" |
|
Back to top |
|
|
C5ace Guru
Joined: 23 Dec 2013 Posts: 484 Location: Brisbane, Australia
|
Posted: Mon Jan 29, 2024 9:22 am Post subject: |
|
|
in the last 24 hours my mail server registered 1737 invalid login attempts to my email accounts. the record was around 5600 /24 hours during Christmas. _________________ Observation after 30 years working with computers:
All software has known and unknown bugs and vulnerabilities. Especially software written in complex, unstable and object oriented languages such as perl, python, C++, C#, Rust and the likes. |
|
Back to top |
|
|
Goverp Advocate
Joined: 07 Mar 2007 Posts: 2177
|
Posted: Mon Jan 29, 2024 10:07 am Post subject: |
|
|
I've a box running sshd so I can log in and check it's still there (to see if the power has gone). The port is open to the Internet. 6,600 failed login attempts from 330 different IP addresses over the last two days. It's like COVID or flu, but for networks. _________________ Greybeard |
|
Back to top |
|
|
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6145 Location: Dallas area
|
Posted: Mon Jan 29, 2024 10:47 am Post subject: |
|
|
Any open port on your computer connected to the internet will draw lots of scans/probes.
Don't like it ... unplug the computer
Trying to blame thunderbird for attempts on any account is specious, at best. _________________ PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland |
|
Back to top |
|
|
The Main Man Veteran
Joined: 27 Nov 2014 Posts: 1171 Location: /run/user/1000
|
Posted: Mon Jan 29, 2024 12:58 pm Post subject: |
|
|
It's open source after all. |
|
Back to top |
|
|
Koyan n00b
Joined: 07 Nov 2014 Posts: 32
|
Posted: Mon Jan 29, 2024 1:48 pm Post subject: Re: thunderbird users beware |
|
|
myga wrote: | there are multiple failed login attempts from different countries in Europe and Asia on both accts in the last 2 months! |
If Thunderbird (which knows your login and password) were to blame, those attempts wouldn't have failed. |
|
Back to top |
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5093 Location: Bavaria
|
Posted: Mon Jan 29, 2024 2:44 pm Post subject: Re: thunderbird users beware |
|
|
myga,
let me explain what happened by way of comparison:
You have a house with an entrance door. Your child has a key to the house and is allowed to use it. Now you have your house under surveillance and see that strangers are trying to pick the lock on the front door. Please do not blame your child, because he or she has no influence on the behavior of strangers. Even if you take the key away from your child (thunderbird) and give it to your mother (kmail), strangers may still try to pick your lock.
myga wrote: | If that aint enough for you, then I'm afraid I'm the wrong individual to entertain your belief system. |
I recommend that you have a little more trust in our experts and rather ask questions when something is not understood instead of giving rude answers. If you talk to a Gentoo developer, administrator or moderator, you can be sure that they are not talking nonsense (most of the time ). Users who have been active here since 2002 usually have immense computer expertise ... and yes, we also have new users who are IT professionals in their jobs ... _________________ https://wiki.gentoo.org/wiki/User:Pietinger |
|
Back to top |
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5093 Location: Bavaria
|
|
Back to top |
|
|
sMueggli Guru
Joined: 03 Sep 2022 Posts: 489
|
Posted: Mon Jan 29, 2024 5:08 pm Post subject: |
|
|
Are you using your outlook email with or without 2FA?
Does Thunderbird use your "real" username/password combination or does Thunderbird use an application password (to bypass the 2FA)? |
|
Back to top |
|
|
Fitzcarraldo Advocate
Joined: 30 Aug 2008 Posts: 2052 Location: United Kingdom
|
Posted: Mon Jan 29, 2024 6:16 pm Post subject: |
|
|
myga,
Thunderbird has nothing to do with cracking attempts on your Outlook e-mail account(s). There are plenty of other e-mail clients other than Thunderbird, and the same phenomenon happens to users of those e-mail clients. I'm the only user of Thunderbird in my family, but there are plenty of unauthorised attempts by crackers to access my family's e-mail accounts.
Enter your e-mail address(es) in the F-Secure Identity Theft Checker:
https://www.f-secure.com/en/identity-theft-checker
You will receive an e-mail per account showing breached services, along with the dates the breach was discovered and what data was exposed (it could be the e-mail address and/or username and/or password and/or your name, and so on). It is likely there are breaches that predate the commencement of your use of Thunderbird.
If you have ever sent an e-mail to an online service (shop, forum, hospital, club, etc.) or registered your e-mail with an online service, and the service has been cracked at some point in time (scraped fully or partially), your e-mail address will be known to the crackers (and possibly posted in lists on the Dark Web), who will then try to crack your e-mail account. It happens all the time. The e-mail account I use for online shopping since 1996 is bombarded with attempts, which is why a strong password is so important (the xkcd cartoon Password Strength comes to mind).
Consider how crackers accessed 34,942 PayPal accounts, for example:
https://www.forbes.com/sites/daveywinder/2023/01/21/no-paypal-hasnt-been-hacked-yet-almost-35000-accounts-were-breached/
PayPal wasn't 'hacked', as such. What the criminals did was crack other Web sites and steal those sites' users' e-mail addresses and passwords. The criminals then tried those passwords on the PayPal site to see if any of the users of the other sites used the same password for their PayPal account. Some 34,942 users did use the same password for their PayPal account as for their account on the other sites that were cracked. The crackers could just have easily tried (and possibly did try) to access the users' e-mail accounts, and they will have automated it, i.e. not using an e-mail client such as Thunderbird. _________________ Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC systemd-utils[udev] elogind KDE on both.
My blog |
|
Back to top |
|
|
|